We kick off this thread with a piece by the ever thoughtful Stratfor.com

Cyberwarfare 101: The Internet Is Mightier Than the Sword

Stratfor Today » April 15, 2008 | 1347 GMT

Summary

To say that the Internet is growing in importance these days is an understatement. It is perhaps less obvious to most people that cyberspace is also becoming weaponized. In addition to being a revolutionary medium of communication, the Internet also offers a devastating means of waging war. Understanding the evolution of the Internet is key to understanding the future and effectiveness of cyberwarfare.

Analysis

Editor’s note: This is the first in a series of analyses on the emergence of cyberspace as battlespace. The series will be ongoing, with the initial pieces serving as a kind of primer on the Internet. Subsequent analyses will look at specific ways nations are dealing with the growing threat of cyberwar and its military, economic and geopolitical ramifications.

A Brief History

Although cyberspace has already established itself as a new medium for all manner of human interactions, its pervasive growth presents profound implications for geopolitical security. Nations, organizations and individuals alike are relying more and more on the Internet in unprecedented ways. This growing dependency entails vulnerability, which is one reason the Internet was created in the first place.

Older than many people might think, the Internet began in the 1950s as a group of primitive networks designed to share research data inside and among academic institutions (notably the RAND Corp.) and air surveillance data between military radar installations (notably the U.S. Semi-Automatic Ground Environment). The former use was based on the need for researchers across the country to access the few really powerful research computers operating at the time. The latter use was an outgrowth of the Soviet Union’s newfound intercontinental reach: the Tu-95 Bear strategic bomber, a large swept-wing four-engine turboprop that began operations in the mid 1950s with a combat radius in excess of 4,500 miles.


The Soviets’ 1957 Sputnik launch spooked the Americans even more. Terrified that it had fallen behind Russia in science and technology, the United States scrambled to catch up. This effort involved, among other things, creation of the Pentagon’s Advanced Research Projects Agency (ARPA). Later “Defense” would be tacked on to the agency’s name to create DARPA (which still exists today). One of ARPA’s early creations was ARPAnet, one of the seminal precursors to the Internet. ARPAnet’s design would be informed by a government-funded RAND study that advocated for a distributed network architecture that could survive — at least in part — a nuclear attack. While progress in developing the network was initially slow, by the 1980s, improvements in programming, technology and infrastructure — combined with increasingly accessible connections and affordable personal computers — were quickly cascading into what would become the Internet as we know it today.

Along the way, the challenges evolved. Technical hurdles early on were all about making the connections work (developing protocols, perfecting packet-switching, etc.). It was only in the 1990s that the World Wide Web architecture we know today really took off. While the rapid growth of the Internet (numbers of users, the power of processors, connection speeds) continues apace, the nature of its growth is becoming increasingly organic, as users explore what is possible within connections that already exist.

The Nature of the Internet

The Internet itself is a fairly neutral environment: It is defined, more than anything, by its individual users, who create virtual extensions of themselves, their ideologies and their societies. In many ways, creating human connections is what the Internet is all about. Social networking sites such as Facebook and MySpace allow Internet users to connect with disparate individuals and groups around the world. Connectivity outside of centralized Web sites is also growing rapidly; simply having a connection to the Internet potentially allows one person to interact with every other Internet user.

This has profound implications for both groups and individuals. The Internet can be a powerful facilitator of mass “grassroots” movements that can become forces to reckon with in everything from presidential elections to transnational radical Islamism. Just as the Internet allows Beijing to monitor and disseminate its views to users across China, those users — and expatriates abroad — can use the very same system to coordinate campaigns to undermine Beijing’s efforts. Indeed, the global Internet may be one of the greatest threats to the Communist central government. The accessibility of information on the Internet also allows a single user to learn from the conglomerated lessons of many. This can manifest itself in powerful new online research tools. It can just as easily be found on YouTube, a video hosting Web site where budding hackers can learn the tricks of the trade.

Ultimately, this sort of utility translates into a structural vulnerability that will only increase as the Internet further evolves. As it becomes ever more critical in everyday life, the Internet is likely to be exploited by groups and governments to achieve their strategic goals. This dynamic is the keystone of cyberwarfare.

Cyberwarfare

Cyberwarfare is a broad category. For our purposes here, we are using the term to encompass significant geopolitical conflict in cyberspace usually involving at least one nation-state or its critical infrastructure. Cyberwarfare can be a principal avenue for attack in and of itself or it can be used in a supporting manner, to aid operations in other domains. Cyberwarfare has five noteworthy characteristics:

It provides an extremely dynamic and utterly new battlespace.
It makes range obsolete.
Its operations are typically decentralized and anonymous.
It places great importance on the offense.
It has low entry costs and can give great power to the individual user of the Internet.

Although the word “cyber” suggests “virtual,” or not existing in actual fact or form, cyberspace does have its physical aspects — e.g., computers, servers, fiber-optic cables, network switches and, most important, the connections that make the Internet global, like the immense undersea cable network that stretches around the world. While one of these cables may run from New Jersey to Cornwall, the transmission of data can take place almost instantaneously. U.S. military dominance of the globe rests in no small part on its unparalleled and unprecedented ability to sustain complex logistical links around the globe. In cyberwarfare, the only link the warrior needs to worry about is his or her connection to the global network. Some countries admittedly are far more connected than others. This makes their connections redundant and, generally, they enjoy broader bandwidth. But it also makes them more accessible to those with malicious intent.

Because cyberspace makes range obsolete, an attacker can muster resources from all over the world and bring them to bear in an instant, often with little that could serve as an early warning amid the clutter of day-to-day Internet traffic. The Pentagon alone defends against hundreds — sometimes thousands — of such attacks each day, several of which succeed at some level in penetrating the network. While this clearly demonstrates that a mature network security system can stand up to a great deal of punishment, it takes time to recognize and react to a coordinated and comprehensive attack. Such an attack may come from thousands of remotely controlled computers from around the world and be well under way before a coherent response can be mounted. And none of the computers directly involved in such an attack necessarily has to belong to the attacker. One of the early purposes of computer networking was to share computers as a resource. Malicious hackers have learned how to do much the same thing by infecting and hijacking other computers, unbeknownst to their owners, in order to harness and redirect their processing power.

As interconnected as the Internet is — and with broadband connections and powerful personal computers increasingly affordable — the greatest limitation to the use of the Internet in cyberwarfare may be individual experience and skill. As we continue our look at cyberwarfare, we will focus first not on the amalgamated resources of a national actor but on the innumerable discrete actors that populate cyberspace.

Summary

Most Internet “hackers” who are sufficiently capable to engage in cyberwarfare have little real affiliation with states (regardless of their citizenship in the real world). Skilled cyberwarriors can be fiercely individualistic and anonymous, though several broad classifications help give definition to the community and highlight some of the major types of actors in cyberspace.

Editor’s note: This is part of a series of analyses on the emergence of cyberspace as battlespace.

Before considering the role of a state’s power in cyberspace, it is important to identify and understand the transnational actors who populate it — particularly those who can manipulate the environment. The Internet is an environment defined by its users, and the average user is utterly powerless in terms of cyberwarfare — i.e., wreaking havoc on governments and institutions. But there are some individual actors who wield considerable power. Even average users can contribute unwittingly to this power, serving as conduits for destructive worms and viruses that can hijack individual computers and servers.

As the rise of al Qaeda has reminded the world of the power of the nonstate actor, so too has the rise of the individual hacker. The most powerful lone-wolf hacker may have even less grounding in the traditional political landscape than a motivated jihadist — and is perhaps even less likely to be affiliated with a national government.

A hacker can be many things. For our purposes here, it is someone with sufficient understanding, skill and experience in the nuances and inner workings of computer systems and networks to be able to wield meaningful power and influence events in cyberspace — even if only in concert with others. Such a person must then actively choose to exercise that capability and act boldly on that stage (hacking is almost universally illegal).

A given hacker’s ideology may be flexible or rigid, but the potential power of these individuals does raise new questions about national allegiance. The United States, for example, has dealt with nonstate actors as proxies for decades (e.g., the Afghan mujahideen). Computer hackers are another matter. Often strongly individualistic (and occasionally anarchistic), the smartest and most skilled are not necessarily interested in — or eligible for — work inside government agencies or the military (one of the core tenets of the so-called “Hacker Ethic” is that authority is not to be trusted). A country must consider these “free agents” inside its borders as well as those outside. Often indifferent to matters of state, a hacker’s attention can quickly turn and become an asset or a threat to state authority.

Black Hats

The most threatening hackers are known as black hats, or “dark side” hackers. These are hackers whose primary activities and intentions are malicious and often criminal. Black hats attempt to locate, identify and exploit security gaps or flaws within operating systems, computers and networks in order to gain control of them, steal information, destroy data or orchestrate other illicit activities. Once access to a system has been obtained, a black hat may take measures to establish continued covert access.

White Hats

The antithesis of the black hat is the white-hat hacker, also known as an “ethical” or a “sneaker.” White hats are ethically opposed to the abuse or misuse of computer systems. Like their black-hat counterparts, white hats actively search for flaws within computer systems and networks. These efforts often occur with systems in which a white hat has a vested interest or of which they have substantial knowledge. They distinguish themselves by either repairing or patching these vulnerabilities or alerting the administrator of the system or the designer of the software. Basically, white hats attempt to maintain security within the Internet and its connected systems.

However, some altruistic white-hat pursuits can appear to be quite malicious. A white hat may act with whatever he or she considers a “higher purpose.” The inherent conflict of white and black hat activities can also lead to online bouts between the two classes, in which both sides might use malicious tools to disconnect each other from the system or network. This may involve “back-hacking” — tracing the source of activity and infecting or attempting to disable the other hacker’s connection or system.

Other Hats

Other hackers “wear” colored or hybrid hats. Grey hats, for example, are a blend of the black hat and the white hat. Drawing on experience from both sides can make for a very robust skill set. Computer security professionals are often known as blue hats. Their activities are not unlike those of white hats but are more focused on the interests of paying customers. Hackers wear an assortment of other colored hats, and not all warrant definition here. We mention them only to illustrate the many shades and nuances found in the hacker community.

Cybermercenaries

Generally a black hat, a cybermercenary is an expert hacker for hire. For the right price, cybermercenaries can bring a considerable amount of resources to bear on a target. They are occasionally contracted to assist in network defense, though, as a general rule, cybermercenaries specialize in offensive and malicious acts: conducting denial of service (DoS) and distributed denial of service (DDoS) attacks; disabling, altering or defacing Web sites; electronic espionage; data theft or destruction; network warfare; and wholesale cyberwarfare. At times, the cybermercenary can be found supporting or conducting portions of a significant cyberwarfare strike (such strikes can be particularly manpower-intensive).

Cyberterrorists

Some observers don’t consider this a true category of hacker, since cyberwarfare attacks rarely inflict the kind of direct, physical damage associated with terrorism. Stratfor is not interested in this particular debate. We include the term simply to highlight the potential for cyberwarfare strikes to have an objective not of destroying data or bringing down a financial network but of creating conditions that may directly contribute to significant loss of life (e.g., hacking into an air traffic control grid), with that loss of life being the principal objective.

Coders

Many of the hackers described above are also coders, or “writers,” who create viruses, worms, Trojans, bot protocols and other destructive “malware” tools used by hackers. The ability to write computer code can be an invaluable skill for any hacker, though most coders focus specifically on the design of new and continually evolving software that makes Internet security an ongoing challenge.

Crackers

Crackers are hackers who circumvent or bypass copyright protection on software and digital media. The most prominent recent example of cracking was the “unlocking” of Apple’s iPhones in order to break software-imposed restrictions on the use of GSM cellular networks other than AT&T (which made a deal with Apple to be the sole provider of iPhone service). Of course, cracking has significant ramifications well beyond simply accessing the latest gadget. It also means that, regardless of whether a released software program has copyright protection, there are crackers diligently working to beat it. By making these programs and applications more available, crackers also increase the number of tools available to the online community.

Script Kiddies

Script kiddies represent an intermediate category of actor between regular computer user and hacker. A script kiddie is more knowledgeable about computers and the Internet than most users but has yet to develop the skills, experience and expertise to be a truly effective actor. Nevertheless, a script kiddie can have an impact on the wider online world. Prewritten programs accessible on the Internet can enable the less-skilled to perform many of the same functions as a seasoned hacker. Script kiddies know just enough to get themselves in real trouble or to bring real trouble to bear on others.

Bots and Zombies

Not all actors in cyberspace are human. This is not to classify every server and application in cyberspace as an actor. But there is a unique non-human actor in cyberspace known as a zombie, which is a computer wholly or partially controlled by a bot. A bot, for our purposes, is a parasitic program that hijacks a networked computer and uses it to carry out automated tasks on behalf of a hacker. Individual bots can be building blocks for powerful conglomerations of bots.

Such a gathering of bots is often accomplished by a bot herder, also known as a bot wrangler, which is a program designed to produce bots autonomously (a tedious and time-consuming process for a human hacker). A bot herder can replicate itself and create additional bot herders as well as bots. By using these wranglers, hackers can construct massive networks of bots and use these herders essentially as command and control nodes.

Once many bots and bot herders have been amassed, they can be consolidated into a collective computing network called a botnet, also called a “bot army.” This allows a single hacker to wield simultaneously the computing power of many thousands of machines — or more — and accomplish tasks that would otherwise be impossible with a single computer. Among these tasks are launching DDoS attacks, which can shut down Web sites, servers and backbone nodes; generating massive emailing and spamming campaigns; and disseminating viruses. Once these botnets are established, it can be extremely difficult to disband them and counter their decentralized attacks.

This is only a quick snapshot of the cyberspace population that at times transcends traditional geopolitical concepts like citizenship, national loyalty and international borders. Some countries and transnational groups are better at harnessing such individuals, either within their own borders or beyond. But most hackers also have ideological bents of their own.

Summary

The online hacker community is strongly individualistic, though it does exhibit a number of characteristic ideologies. An ideological underpinning is not a prerequisite to being a hacker, and many ideologies are not mutually exclusive. Any one actor might subscribe to none, many or a unique amalgam. But these basic ideologies should be considered and understood in any meaningful discussion of cyberwarfare.

Editor’s note: This is one in a series of analyses on the emergence of cyberspace as battlespace.

The personal motivations driving individual hackers are virtually infinite. But there are a handful of dominant ideologies that can offer insight into the mindsets and motivations of much of the larger hacker community. Not all hackers subscribe to or are driven by these beliefs, but most are shaped or affected by them in some fashion.

Any discussion of these ideologies must begin with the basic Hacker Ethic, the founding principle of the hacker community.

Hacker Ethic

Interpretation of this ethic can vary, but it essentially entails the following beliefs:

Information should be free and accessible to all.
Access to computers should be unlimited.
Computers and the Internet can be a force for the betterment of humanity.
Authority is not to be trusted.
The principle of decentralization goes hand-in-hand with all of the above.

These fundamental principles, and variations thereof, are commonly held in the hacker community and have evolved over time into some of the ideologies described below.

Exploration

The basic principles of exploration — an outgrowth of the Hacker Ethic and the first ideology many hackers adopt — are to look into every corner of the Internet and bypass any security simply for the sake of improving skills and learning how to navigate cyberspace covertly. In the process, explorationists generally try to leave no trace and to avoid any damage to the system (which would, inherently, be evidence of their intrusion). Many of this ideology’s tenets originate from newer versions of the Hacker Ethic — especially the white-hat version, which emphasizes benevolent rather than malevolent actions.

Informationism

Another outgrowth of the original Hacker Ethic is informationism, which holds that information should be allowed to flow freely throughout the Internet and, by extension, throughout all human societies. Hackers who embrace this ideology often have specific areas of interest they monitor to identify developments and actors that they might perceive to be limiting the free flow of information. Once these hackers identify constraints, they attempt to remove them by a variety of means, from simply rerouting data to removing security protocols to staging comprehensive network attacks — essentially making that information free through force.

Altruism

The tenets of altruism vary greatly, depending on the person subscribing to it, but often they are based on an individual’s beliefs regarding the Internet and are often associated with what are considered positive actions intended to serve a perceived public good. These tenets can include the free flow of information, security preservation and user protection. In some ways, altruism can be understood as a variation of the Hacker Ethic with a benevolent bent. But because it all comes down to a personal perception and world view, “altruistic” hackers may sometimes perform actions that seem quite malicious to others (e.g., shutting down Web sites that are believed to be blocking the free flow of information).

Hacktivism

Hacktivism promotes the use of hacking to accomplish political goals or advance political ideologies. Depending on the campaign, these actions may involve both white-hat hackers and black-hat hackers and can include Web site defacement, redirects, DoS attacks, virtual sit-ins and electronic sabotage. Many hacktivist actions often fall under the media radar but their political, economic, military and public impact can be significant.

Nationalism

Although a rare hacker ideology, nationalism can envelop large portions of the community given the right cause or circumstance. By their very nature, hackers are individualists who rarely pledge allegiance to other hackers or groups, let alone countries. This is partially due to the fact that the Internet itself and the hacker community it supports have their own cultural elements — indeed, some of the other motivations discussed above often supersede or transcend national identity. There are situations, however, when hackers can be motivated to act in what they perceive to be the best interests of their respective nations. When these situations arise, powerful alliances can quickly emerge that often possess greater capabilities and resources than many developed nations. This ideology is particularly relevant to cyberwarfare.

An outgrowth of nationalism is an ideology not often discussed: when hackers unite to protect not their nation but their community. Thus far, sufficiently explosive or inspiring conditions to unify such a disparate community have been rare. But the potential remains — and is perhaps growing greater in an increasingly wired world.

Rally Around the Flag

Much like nationalism, the “rally around the flag” ideology is rare in the hacker community, but when it emerges and builds a large following it can yield a significant power. Basically, rally around the flag refers to any situation that mobilizes large numbers of hackers behind a particular cause. The cause can vary or be governed by any number of ideological motives, but it is usually a cause that is sufficiently controversial or out of the ordinary to spark outrage and reprisal. Both nationalism and rally around the flag exemplify how certain ideologies can quickly join subnational and transnational hacker groups into fleeting alliances that can bring great force to bear on a target.

In these last two categories, the significance of the ideological motivation is the unifying factor. Once the skills and resources of a particular online demographic are amassed, a broad spectrum of attacks and targets are possible. One notable example was in 1999 during the NATO intervention in Kosovo, when Serbian hackers reportedly began carrying out attacks — from vandalism to larger distributed denial-of-service attacks — against all manner of targets in NATO member states. After the accidental bombing of the Chinese Embassy, a second upsurge in attacks against targets in NATO countries began. The most recent example — and one of the most mature instances of the disruptive effect of this kind of incident — was the Estonian cyberwar in 2007.

Summary

One of the most mature instances of a cyberwarfare attack was an assault on Internet networks in Estonia in late April and early May of 2007. The Russian government was suspected of participating in — if not instigating — the attack, which featured some of the key characteristics of cyberwarfare, including decentralization and anonymity.

Editor’s note: This is part of a series of analyses on the emergence of cyberspace as battlespace.

During the night of April 26-27, 2007, in downtown Tallinn, Estonia, government workers took down and moved a Soviet-era monument commemorating World War II called the Bronze Soldier, despite the protests of some 500 ethnic Russian Estonians. For the Kremlin — and Russians in general — such a move in a former Soviet republic was blasphemy.

It was also just the kind of emotional flash point that could spark a “nationalistic” or “rally-around-the-flag” movement in cyberspace. By 10 p.m. local time on April 26, 2007, digital intruders began probing Estonian Internet networks, looking for weak points and marshaling resources for an all-out assault. Bursts of data were sent to important nodes and servers to determine their maximum capacity — a capacity that the attackers would later exceed with floods of data, crashing servers and clogging connections.

A concerted cyberwarfare attack on Estonia was under way, one that would eventually bring the functioning of government, banks, media and other institutions to a virtual standstill and ultimately involve more than a million computers from some 75 countries (including some of Estonia’s NATO allies). Estonia was a uniquely vulnerable target. Extremely wired, despite its recent status as a Soviet republic, Estonian society had grown dependent on the Internet for virtually all the administrative workings of everyday life — communications, financial transactions, news, shopping, restaurant reservations, theater tickets and bill paying. Even parliamentary votes were conducted online. When Estonia’s independence from the Soviet Union was restored in 1991, not even telephone connections were reliable or widely available. Today, more than 60 percent of the population owns a cell phone, and Internet usage is already on par with Western European nations. In 2000, Estonia’s parliament declared Internet access a basic human right.

Some of the first targets of the attack were the Estonian parliament’s e-mail servers and networks. A flood of junk e-mails, messages and data caused the servers to crash, along with several important Web sites. After disabling this primary line of communications among Estonian politicians, some of the hackers hijacked Web sites of the Reform Party, along with sites belonging to several other political groups. Once they gained control of the sites, hackers posted a fake letter from Estonian Prime Minister Andrus Ansip apologizing for ordering the removal of the World War II monument.

By April 29, 2007, massive data surges were pressing the networks and rapidly approaching the limits of routers and switches across the country. Even though not all individual servers were taken completely offline, the entire Internet system in Estonia became so preoccupied with protecting itself that it could scarcely function.

During the first wave of the assault, network security specialists attempted to erect barriers and firewalls to protect primary targets. As the attacks increased in frequency and force, these barriers began to crumble.

Seeking reinforcements, Hillar Aarelaid, chief security officer for Estonia’s Computer Emergency Response Team, began calling on contacts from Finland, Germany, Slovenia and other countries to assemble a team of hackers and computer experts to defend the country. Over the next several days, many government ministry and political party Web sites were attacked, resulting either in misinformation being spread or the sites being made partially or completely inaccessible.

After hitting the government and political infrastructure, hackers took aim at other critical institutions. Several denial-of-service attacks forced two major banks to suspend operations and resulted in the loss of millions of dollars (90 percent of all banking transactions in Estonia occur via the Internet). To amplify the disruption caused by the initial operation, hackers turned toward media outlets and began denying reader and viewer access to roughly half the major news organizations in the country. This not only complicated life for Estonians but also denied information to the rest of the world about the ongoing cyberwar. By now, Aarelaid and his team had gradually managed to block access to many of the hackers’ targets and restored a degree of stability within the networks.

Then on May 9, the day Russia celebrates victory over Nazi Germany, the cyberwar on Estonia intensified. Many times the size of the previous days’ incursions, the attacks may have involved newly recruited cybermercenaries and their bot armies. More than 50 Web sites and servers may have been disabled at once, with a data stream crippling many other parts of the system. This continued until late in the evening of May 10, perhaps when the rented time on the botnets and cybermercenaries’ contracts expired. After May 10, the attacks slowly decreased as Aarelaid managed to take the botnets offline by working with phone companies and Internet service providers to trace back the IP addresses of attacking computers and shut down their Internet service connections.

During the defense of Estonia’s Internet system, many of the computers used in the attacks were traced back to computers in Russian government offices. What could not be determined was whether these computers were simply “zombies” hijacked by bots and were not under the control of the Russian government or whether they were actively being used by government personnel.

Although Estonia was uniquely vulnerable to a cyberwarfare attack, the campaign in April and May of 2007 should be understood more as a sign of things to come in the broader developed world. The lessons learned were significant and universal. Any country that relies on the Internet to support many critical, as well as mundane day-to-day, functions can be severely disrupted by a well-orchestrated attack. Estonia, for one, is unlikely ever to reduce its reliance on the Internet, but it will undoubtedly try to develop safeguards to better protect itself (such as filters that restrict internal traffic in a crisis and deny anyone in another country access to domestic servers). Meanwhile, the hacker community will work diligently to figure out a way around the safeguards.
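The Estonian defenders described above worked from the attacking computers' IP addresses, and the safeguards mentioned (crisis-time traffic filters) start from the same question: which sources are sending far more than a legitimate client would? The following is an added example, not part of the Stratfor analysis and not code from Estonia's CERT: a small rate-based flood detector that parses Apache/nginx common-log-format lines, counts requests per source address in fixed time windows, and reports sources whose peak exceeds a threshold. The log lines are constructed here (RFC 5737 documentation addresses, made-up timestamps), and the window size and threshold are assumed values to be tuned per site.

```python
"""Rate-based request-flood detector over web-server access logs (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Common Log Format: host ident authuser [date] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, aware datetime) for one CLF line, or None if it is malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group("ts"), TS_FMT)
    except ValueError:
        return None
    return m.group("ip"), ts


def detect_flood_sources(lines, window_seconds=10, threshold=20):
    """Count requests per (source IP, fixed time window) and return
    {ip: peak_requests_in_one_window} for every source whose peak exceeds
    `threshold`. Malformed lines are skipped rather than trusted.
    window_seconds and threshold are assumed defaults; tune them per service."""
    counts = defaultdict(int)  # (ip, window index) -> request count
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts = parsed
        bucket = int(ts.timestamp()) // window_seconds
        counts[(ip, bucket)] += 1

    peaks = defaultdict(int)
    for (ip, _bucket), n in counts.items():
        peaks[ip] = max(peaks[ip], n)
    return {ip: n for ip, n in peaks.items() if n > threshold}


def build_sample_log():
    """Constructed sample log: one flooding host, one normal browser,
    one brisk-but-legitimate client, and one junk line. Not real traffic."""
    base = datetime(2007, 5, 9, 21, 0, 0, tzinfo=timezone(timedelta(hours=3)))

    def line(ip, offset_s, path):
        ts = (base + timedelta(seconds=offset_s)).strftime(TS_FMT)
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'

    lines = []
    # 203.0.113.10: 40 requests inside the first 10 seconds (flood)
    lines += [line("203.0.113.10", i * 0.25, "/") for i in range(40)]
    # 198.51.100.7: 6 requests spread over a minute (ordinary browsing)
    lines += [line("198.51.100.7", i * 10, f"/page{i}") for i in range(6)]
    # 192.0.2.44: 15 requests in 10 seconds (brisk, below the default threshold)
    lines += [line("192.0.2.44", i * 0.6, "/news") for i in range(15)]
    lines.append("this line is not in log format")  # exercises the skip path
    return lines


if __name__ == "__main__":
    for ip, peak in sorted(detect_flood_sources(build_sample_log()).items()):
        print(f"candidate for rate limiting: {ip} (peak {peak} requests per window)")
```

Running the block flags only 203.0.113.10. The caveat a practitioner should keep in mind is the one the analysis itself raises: a botnet spreads the load over thousands of hijacked machines, each of which may stay under any per-source threshold, so this kind of per-IP counting catches concentrated floods and individual noisy hosts but must be paired with aggregate measures (total request rate, upstream scrubbing, the crisis-time filters the text mentions) to see a distributed attack.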

One thing is certain: Cyberattacks like the 2007 assault on Estonia will become more common in an increasingly networked world, which will have to learn — no doubt the hard way — how to reduce vulnerability and more effectively respond to such attacks. Perhaps most significant is the reminder Estonia provides that cyberspace definitely favors offensive operations.

Counterfeit tech items from China

Counterfeit products originating from China are not a new problem. Everything from fake iPods to imitation name-brand purses have been sold to unwitting American shoppers. Now, solving the problem has taken on new urgency amid revelations that U.S. government agencies and military branches have bought millions of dollars of counterfeit Cisco networking equipment from China. According to an unclassified PowerPoint presentation circulating within the FBI, government entities that have purchased counterfeit equipment include the U.S. Naval Academy, the U.S. Naval Air Warfare Center, the U.S. Naval Undersea Warfare Center, the U.S. Marine Corps, the U.S. Air Force, the Federal Aviation Administration, numerous defense contractors such as Lockheed Martin and Raytheon, and even the FBI itself.

The counterfeit purchases were largely the result of government buyers trying to obtain high-end equipment for the lowest bid. The nightmare scenario is that U.S. government computer networks assumed secure might be hopelessly compromised with virtual back doors, which could allow the People’s Republic of China to monitor network traffic and even interfere with network operation. The FBI is currently trying to determine the motives of the counterfeiters, and while “profit” is the hoped-for answer, espionage cannot be ruled out at this time.

Today's post on the Iran thread about Iran planning a nuke EMP pulse attack over the US wiping out electronics makes the following all the more pertinent:

========================

Geopolitical Diary: Cyberwarfare Beginning To Take Center Stage

July 30, 2008 | 0152 GMT

2008 has seen an increasingly public acknowledgment by the U.S. intelligence community of the cyberwarfare threat. A report by Defense News on Tuesday highlighted the recent emergence of significant bipartisan congressional support by the powerful U.S. House Permanent Select Committee on Intelligence for a White House initiative on comprehensive national cybersecurity. Though public details are vague, the initiative seeks to improve computer security holistically across the military and government, while better hardening critical infrastructure against cyberattack. The intent is to create architecture that is also open to participation by business and the public.

It has long been abundantly clear that computers and especially the global connectivity of the Internet have been, as a whole, one of the most radical and far-reaching inventions in human history. High technology has changed the way business is done and the way humans personally connect and interact. Already we see jihadists using the Internet as a tool for manipulating public perception, coordinating operations and even sharing tactics, training and practices. At the same time, cyberspace has opened new avenues for espionage and crime alike. The free flow of information across international boundaries has influenced color revolutions in countries like Ukraine and precipitated the fall of governments.

But while the geopolitical significance of cyberspace is undeniable, its exploitation in global conflict — cyberwarfare — has largely been limited and deniable. Both the Pentagon’s exercise of cyberwarfare in Kosovo in 1999 and the potential use of it by Israel as part of its raid on Syria in September 2007 are the stuff of speculation. The world has yet to see the comprehensive military exploitation of cyberspace in international conflict.

This is an enormous concern, and though the U.S. Air Force is working to consolidate its cyberwarfare efforts under the aegis of a new Cyber Command, the Pentagon does not have anything close to the established dominance that it enjoys in more traditional domains.

For example, some experts claim that the massive 2004 blackout in the American northeast was precipitated by a Chinese hacker tinkering with systems relevant to the power grid. In 2007, in what has become one of the few true case studies in cyberwarfare, a massive cyberattack brought Estonia to a standstill in the wake of the controversial relocation of a Soviet World War II memorial. (And despite its recent status as a Soviet republic, Estonia is no poorly connected backwater. In fact, it is an exceptionally “wired” country by any standard — which contributed heavily to the effectiveness of the attack.)

At the time, the government was unable to communicate efficiently. Attacks on government websites were interspersed with disinformation and fraudulent postings. Though not everyone or everything was targeted, Estonia’s entire Internet infrastructure was so overloaded with traffic and preoccupied with defending itself that it essentially ceased to function — bringing corporate banking, access to the media and even day-to-day personal transactions to a halt.

Reports on the Estonian incident suggest that the attacks ultimately involved more than a million computers from some 75 countries (including some of Estonia’s NATO allies). And while nationalist fervor on the Russian side certainly played a part in rallying independent hackers, there is little doubt that the Kremlin was involved.

There are several interrelated points here:

Cyberwarfare has the potential to bring a country to an economic standstill on par with that experienced by the United States in the days following the 9/11 attacks.

Offensive actions in cyberspace often provide a great deal of deniability. It is a smart weapon of choice for inflicting blows without engaging in a shooting war.

The connectivity and computing power of systems and servers inside a country and allied countries can be co-opted and used in very simple but often all too effective brute-force attacks.

An attack can be executed from almost anywhere in the world without consideration for strategic geographic buffers and otherwise insurmountable distances.

The list goes on, but the underlying point is that cyberspace is a domain in which many of the traditional considerations of geopolitical conflict are fundamentally altered — if not obviated altogether (e.g. geography may not matter, resources can be amassed largely undetected and the primary form of damage may be economic rather than physical).

As the unchallenged and sole superpower, the United States is the obvious target because symmetrical competition is often inconceivable. Cyberwarfare efforts are under way in many countries around the world (including Russia), but China is widely considered to have the most advanced and robust capability.

Currently, assaults on U.S. systems (corporate, government and military alike) from all over the world occur daily. But there can be little doubt that in a significant escalation of hostilities with a country like Russia or China, such blows will be felt at home even if the conventional conflict may be thousands of miles away.

Keeping conflict an ocean and half a world away has been a core geopolitical imperative for Washington since the beginning. It is the root of the Monroe Doctrine and the reason why Soviet missiles in Cuba were so unacceptable. The very nature of the Internet thus makes comprehensive national cybersecurity at home a geopolitically relevant national interest.

In the 1960s, the Pentagon looked for a secure way to keep its lines of communication going in the event of all-out war. The interlinked packet networks of computers became the Internet. Fast-forward to today, and that system of open protocols brings the enormous benefits of the Web to civilian life. But the Web has also become an open field for cyber warriors seeking to harm the U.S.

We're only now realizing that many of these attacks have happened, as evidence mounts that outsiders accessed sensitive government networks and other databases. A report based on closed-door information about cyber attacks reached a sobering conclusion: Foreign governments and terrorist groups are focused on cyber offensives in a "battle we are losing."

Last week's Center for Strategic and International Studies report disclosed that the departments of Defense, State, Homeland Security and Commerce all have had intrusions by unknown foreign entities. The Pentagon's computers are probed "hundreds of thousands of times each day." An official at the State Department says terabytes of its information have been compromised. The Commerce Department's Bureau of Industry and Security had to go offline for several months. NASA has stopped using email before shuttle launches. Jihadist hackers are trying to confuse military computers into mistaking the identities of friendly and unfriendly forces in Afghanistan and Iraq.

The quasigovernmental commission revealing these cyber attacks is made up of private-sector information executives, military and intelligence officials, and two members of Congress. The study found that no department knew the extent of damage done to other departments. The extent of the harm is not known.

"The organization of the federal government, which dates to the 1930s or earlier, is part of the reason we are vulnerable," says the report. "Our industrial-age organization makes a cyber-dependent government vulnerable and inefficient. A collection of hierarchical 'stovepipes' is easier to attack and harder to defend because security programs are not of equal strength (the weakest link compromises all) and stovepiped defenders cannot appreciate the scope of, and respond well to, a multiagency attack."

As the first to build out an Internet grid, the U.S. is more vulnerable than countries that have built their infrastructure later. China, for example, constructed its Internet much later, on a more secure set of protocols. "Many Americans believe that our nation still leads in cyberspace, just as many Americans in 1957 believed that the U.S. led in space until a Soviet satellite appeared over their heads," the study says.

It's telling that the U.S. doesn't have a publicly stated doctrine on cyber defense that warns enemies and commits to taking action in response. Likening today's issues to the Cold War, the report says there should be clear rules about who will be punished how for what. It's in the nature of cyber attacks that it's hard to know exactly who's responsible, but some response must be made. "These uncertainties limit the value of deterrence for cybersecurity," the report says. "The deterrent effect of an unknown doctrine is quite limited."

One problem is that Russia and China are the main suspects, but the U.S. defense establishment hesitates to say so too loudly. It's true that few cyber attackers are ever clearly identified. No one knows for sure who brought down the Internet in Estonia in 2007, when Moscow was outraged when a Soviet-era war memorial was relocated in Tallinn. Or who was behind the cyber attacks that virtually shut down government communications and financial transactions in the former Soviet republic of Georgia earlier this year. Likewise, many foreign visitors had their PCs and BlackBerrys compromised during the Olympics in Beijing, where cybersnooping equipment is widely available.

Data are lost, communications are compromised, and "denial of service" attacks bring down selected Web sites and national networks. Supposedly confidential corporate information, the report warns, is almost certainly being hacked. As more individuals and companies rely on "cloud computing" -- storing information and services such as email remotely on supposedly secure servers -- foreign intelligence agencies and commercial snoops may have access.

A former official at Darpa, the Pentagon research agency that launched the Web, testified to Congress last year that a major cyber attack on the U.S. could knock out electricity, banking and digital-based communications. Americans would be left rooting around for food and water, trading with one another for firewood (presumably not on eBay). Even if end-of-the-world visions are overdone, it's past time to assess risks and justify countermeasures.

The report has recommendations for the Obama administration, including a new government structure for cyber protection and working more closely with the private sector on security research. The broader point is that it's about time that we knew the extent of the cyberwarring against us. The first step to fighting back is to admit that there's a fight on.

Summary

With its vast population and internal-security concerns, China could well have the most extensive and aggressive cyberwarfare capability in the world. This may bode well for China as it strives to become a global power, but it does not engender a business-friendly environment for foreign companies and individuals in China, where there is no such thing as proprietary information. From within or without, defending against China’s cyberwarfare capability is a daunting task.

Analysis

In late 2008, rumors began circulating that the Chinese government, beginning in May 2009, would require foreign companies operating in China to submit their computer security technology for government approval. Details were vague, but the implication was that computer encryption inside China would become essentially useless. By giving away such information — the type of encryption systems they use and how they are implemented — companies would be showing the Chinese government how to penetrate their computer systems. It is not uncommon for governments and militaries operating on foreign soil to be required to do this, but it is unusual for private companies. (Of course, many governments, such as the United States, refuse to relinquish secure communications even when they have a diplomatic presence in a friendly nation, such as the United Kingdom.)

There is nothing sacred about information in China, where the cyberwarfare capability is deep, pervasive and a threat not only to foreign governments and militaries but also foreign corporations and individuals. STRATFOR sources tell us that the Chinese government already has pertinent information on all Taiwanese citizens of interest to China, a database that could easily be expanded to include other foreign nationals. The Chinese government can decipher most types of encrypted e-mails and documents, and China’s Internet spy network is thought to be the most extensive — if not the most creative — in the world. The government’s strongest tactic is a vast network of “bots” — parasitic software programs that allow their users to hijack networked computers. Individual bots can be building blocks for powerful conglomerations known as “botnets” or “bot armies,” which are fairly conventional formations engaged in a game of numbers not unlike traditional Chinese espionage. It is not the most innovative form of cyberwarfare, but China wields this relatively blunt instrument very effectively.

Indeed, China may well have the most extensive cyberwarfare capability in the world and the willingness to use it more aggressively than any other country. Such capability and intent are based on two key factors. One is the sheer size of China’s population, which is large enough to apply capable manpower to such a pervasive, people-intensive undertaking. In other words, one reason they do it is because they can.

Another is the Chinese government’s innate paranoia about internal security, born of the constant challenge of extending central rule over a vast territory. This paranoia drove Beijing to build the “Great Firewall,” an ability to control Internet activity inside the country. (Virtually all information coming into and out of China is filtered and can be cut off by the flip of a switch.) This amount of control over the information infrastructure far surpasses the control that the United States and other Western countries — or even Russia — can wield over their infrastructures.

While much of China’s Internet spying is aimed at Taiwan, it is also driven by Beijing’s desire for global-power status. With the United States and Russia both investing in offensive and defensive cyberwarfare capability, China has a vested interest in applying its strengths and devoting its resources to staying ahead of the pack and not being caught in the middle. With its information infrastructure under tight governmental control, China can leverage its massive manpower resources in a manner that allows it to conduct far more direct and holistic cyberwarfare operations than any other country.

Today, with current technology, the Chinese government can hack into most anything, even without information on specific encryption programs. It can do this not only by breaking codes but also through less elaborate means, such as capturing information upstream on Internet servers, which, in China, are all controlled by the government and its security apparatus. If a foreign company is operating in China, it is almost a given that its entire computer system is or will be compromised. If companies or individuals are using the Internet in China, there is an extremely strong possibility that several extensive bots have already infiltrated their systems. STRATFOR sources in the Chinese hotel industry tell of extensive Internet networks in hotels that are tied directly to the Public Security Bureau (PSB, the Chinese version of the FBI). During the 2008 Olympics, Western hotel chains were asked to install special Internet monitoring devices that would give the PSB even more access to Internet activities.

The Chinese Internet spy network relies heavily on bots. Many Chinese Web sites have these embedded bots, and simply logging on to a Web site could trigger the download of a bot onto the host computer. Given that the Internet in China is centrally controlled by the government, these bots likely are on many common Web sites, including English-language news sites and expatriate blogs. It is important to note that the Chinese cyberwarfare capability is not limited by geography. The government can break into Web sites anywhere in the world to install bots.

China has invested considerable time and resources to developing its bot armies, focusing on quantity rather than quality and shying away from more creative forms of hacking such as SQL injections (injecting code to exploit a security vulnerability) and next-generation remote exploits (in such features as chat software and online games). The best thing about bots is that they are easy to spread. An extensive bot army, for example, can be employed both externally and internally, which puts China at a distinct advantage. If Beijing wanted to cut its Internet access to the rest of the world in a crisis scenario, it could still spy on computers beyond its national boundaries, with bots installed on computers around the world. The upkeep of the spy network could easily be accomplished by a few people operating outside of China. By comparison, according to STRATFOR Internet security sources, the United States does not have the ability to shut down its Internet network in a time of crisis, nor could it get into China’s network if it were shut down.

A bot army might be a large, blunt instrument, but finding a bot on a computer can be a Herculean task, beyond the capabilities of some of the most Internet-savvy people. Moreover, the Chinese have started to make their bots “user-friendly.” When bots were first introduced, they could slow down computer operating systems, eventually leading the computer user to reinstall the hard drive (and thus killing the bot). Sources say that Chinese bots now can be so efficient they actually make many computers run better by cleaning up the hard drive, trying to resolve conflicts and so on. They are like invisible computer housecleaners tidying things up and keeping users satisfied. The payment for this housecleaning, of course, is intelligence.

In addition to bots and other malware, the Chinese have many other ways to expand their Internet spy network. A great deal of the computer chips and other hardware used in manufacturing computers for Western companies and governments are made in China; and these components often come from the factory loaded with malware. It is also common for USB flash drives to come from the factory infected. These components make their way into all manner of computers operating in major Western companies and governments, even the Pentagon (which recently was forced to ban the use of USB thumb drives because of a computer security incident).

Recently, a STRATFOR source who formerly worked in Australia’s government was surprised that the Australian government was considering giving a national broadband contract to the Chinese telecommunications equipment maker Huawei Technologies, which is known to have ties to the Chinese government and military. Huawei was the subject of a U.S. investigation that eventually led it to withdraw a joint $2.2 billion bid to buy a stake in 3Com, a U.S. Internet router and networking company. Other STRATFOR sources are wary of Huawei’s relationship with the U.S. company Symantec, maker of popular anti-virus and anti-spyware programs.

For companies operating in China, the best course of action is simply to leave any sensitive materials outside of China and not allow computer networks inside China to come into contact with sensitive materials. A satellite connection would help mitigate the possibility of intrusion from targeted direct hacking, but such networks are not extensive in China and move data fairly slowly. It is really not a matter of what kind of network to use. Although there have been no reports of a next-generation 3G network being hacked in any country, the Chinese government can still access the traffic on the network because it owns the physical infrastructure — telephone wires and poles, fiber optics, switching stations — and maintains tight control over it. Moreover, most 3G-enabled devices also use Bluetooth, which is extremely vulnerable to attack. And neither 3G nor satellite connections necessarily reduce the threat from bots that are propagated over e-mail or by Web-browser exploits. In the end, if your computer or other data device is infected with malware, a secure network provides very little solace.

Even when a foreign traveler leaves sensitive materials at home, there is no guarantee of their safety. The pervasive Chinese bot armies are a formidable foe, and they frequently attack networks and systems in almost every part of the world (the Pentagon defends against thousands of such attacks every day). Although China lacks a certain innovative finesse when it comes to cyberwarfare, it has a massive program with a wide reach. Combating it, from within or without, is a daunting task for any individual, company or superpower.

Extremist groups in Southeast Asia are increasingly using the Internet and social networking to radicalize the youth of the region, said a new security report released Friday.

Internet usage in Southeast Asia has exploded since 2000 and extremist groups have developed a sophisticated online presence, including professional media units.

"For extremist groups in our region, the internet is an increasingly important tool for recruitment to violence," said the report by the Australian Strategic Policy Institute and S. Rajaratnam School of International Studies in Singapore.

"Importantly, they aren't attacking only the West, but are drawing on their narrative to attack the governance arrangements of regional states," said the report titled "Countering internet radicalization in Southeast Asia" (www.aspi.org.au/).

The report said online extremism first appeared in Southeast Asia in early 2000, particularly in the Bahasa Indonesia and Bahasa Melayu language cyber-environment.

Since then Internet usage in the region has exploded and so too have extremist Web sites, chat rooms and blogs.

The number of radical and extremist Web sites in Bahasa Indonesia and Bahasa Melayu -- the official languages of Indonesia and Malaysia, which are very similar -- rose from 15 in 2007 to 117 in 2008.

Of those, sympathetic Web sites rose from 10 to 16 and sympathetic blogs and social networking rose from zero to 82.

Between 2006 and July 2007, radical regional websites have disseminated Al Qaeda and Southeast Asian militant group Jemaah Islamiah propaganda videos, pictures and statements, it said.

In Indonesia, which has battled extremist Muslim groups responsible for bombings, Internet usage rose from 2 million in 2000 to 20 million in January 2008.

The country now represents 80 to 90 percent of visitors to 10 radical and extremist Web sites in the region, said the report.

The Philippines, which has a Muslim insurgency, has seen Internet usage rise to 14 million from 2 million in 2000, Malaysia 14.9 million from 3.7 million and Thailand 8.5 million from 2.3 million in the same period.

"The Bahasa [Indonesia] and Malay language websites include sites manned by radical and extremist groups, Islamic boarding schools (pesantrens), and groups of individuals who sympathize with and support the ideology of violent jihad," said the report.

MEDIA SAVVY

One of the first appearances of a "tradecraft manual" was in August 2007 in the then forum, Jihad al-Firdaus. The forum had a section on electronic jihad, including several hacking manuals.

In 2008 the region's first sophisticated bomb-making manual and bomb-making video were posted on the Forum Al-Tawbah, which is registered in Shah Alam, Selangor, Malaysia, said the report.

But it said there had been no serious attempt to plan militant operations in these forums, adding further details of their activities were in private messages or personal emails.

Extremists were using a variety of technology to spread their message. "Blogs and personal social networking accounts provided more than half of the increase in 2008," said the report.

Militant groups have also become internet media savvy.

The Mujahidin Syura Council, an extremist group that claims to operate in southern Thailand, launched an official media wing in July 2008 as a blog on Google, said the report.

The Khattab Media Publication's blog is mainly written in Malay and was used to announce the start of a new military campaign, codenamed Operation Tawbah (Operation Repentance).

Another group, Hizbut Tahrir Indonesia, often produces high-quality videos of its activities and uploads them onto YouTube.

Many of the videos focus on the failings of the Indonesian government and the need to implement sharia law and establish an Islamic caliphate, said the report.

"Extremist groups without access to mainstream media place great value on having online media units to boost their reputations and recruit people via the internet," it said.

The report said that regional governments had done little to stop the rise of online radicalization, partly because attempts to regulate cyberspace have been a political minefield.

It said while Web sites inciting violence are subject to criminal laws in some countries, there are often no specific regulations covering the internet.

"Some governments don't want to appear un-Islamic by coming down hard on Islamist groups, and some don't want to appear undemocratic by seeming to rein in freedom of expression in cyberspace," it said. "The problem of online radicalization crosses national borders and will require a concerted international response."

"Gentlemen," Henry Stimson once said, "don't read each other's mail." Neither do gentlemen hack into each other's computers, electric grids, military networks and other critical infrastructure.

[Image caption: 'War Games,' 1983. Next time there won't be a happy ending. Credit: MGM/UA/The Kobal Collection]

Ours is not a world of gentlemen.

Stimson was referring to cryptanalysis, or code-breaking, which he forbade as Herbert Hoover's Secretary of State. (He would revisit that opinion as Franklin Roosevelt's Secretary of War.) I am referring to Siobhan Gorman's front-page story in last Wednesday's Journal, in which she reported widespread cyberspying of the U.S. electricity grid, much of it apparently originating in China and Russia.

"Authorities investigating the intrusions," Ms. Gorman reported, "have found software tools left behind that could be used to destroy infrastructure components." A senior intelligence official told the Journal that, "If we go to war with them, they will try to turn them on."

To get a better sense of what all this is about, type the words "Cyber attack" and "generator" into YouTube. The first result should be a short clip from the Department of Homeland Security, leaked to CNN a couple of years ago, showing an electric generator under a simulated cyberattack at the Idaho National Laboratory. Within seconds the generator begins to shake violently. Within a minute, it's up in smoke.

Now imagine the attack being conducted against 60 large generators, simultaneously. Imagine, too, similar attacks against chemical plants, causing Bhopal-style toxic leaks. Imagine malicious software codes planted in U.S. weapons systems, which could lie undetected until triggered by a set of conditions similar to mobilization.

"It's as though we've entered something like the nuclear era without a Hiroshima," says Scott Borg, director and chief economist of the U.S. Cyber Consequences Unit, a nonprofit, nongovernmental organization that consults with government and industry about potential cyberattacks. "People aren't aware that everything has changed."

Today, the general perception of cyberattacks is that they amount to so much mischief-making by bored and spiteful 20-year-old computer geeks. Think of the 1998 Melissa computer virus. There's also some awareness of the uses of cyberpenetration for industrial espionage, though here cases are harder to name since victimized companies are often reluctant to go public. In April 2007, following a political row between Russia and Estonia over the latter's removal of a Soviet-era war memorial, a cyberattack paralyzed many of Estonia's key Web sites. The same happened in Georgia after Russia's invasion last August.

Still, none of this seems to amount to a strategic threat. Think again. In the early 1990s, the Chinese military resurrected the concept of Shashoujian, which loosely means any weapon or military strategy that can get the better of a seemingly invincible opponent. More often it's translated as "assassin's mace," or -- even better -- "killer app."

The Chinese began investigating Shashoujian after noting how a highly networked, information-centric U.S. military easily bested Iraq in the 1991 Gulf War. The result was heavy investment in asymmetric weapons like an antisatellite missile, which China successfully tested in January 2007 and which could knock America's eyes out of the sky, as well as ultra-quiet, relatively inexpensive, diesel-electric submarines that could take out an aircraft carrier.

As for the penetrations into the U.S. electricity grid, the Chinese and Russians adamantly deny involvement. But the advantages to any potential enemy of shutting down large parts of the grid are huge, beginning with the fact that the nature of the Internet makes it virtually impossible confidently to pinpoint the author of the attack. As for consequences, Mr. Borg outlines a grim scenario.

"If you shut down power for about three days," he says, "it causes very little damage. We can handle a long weekend. But if you shut down power for longer, all kinds of other things begin to happen. After about 10 days the curve levels off with about 72% of all economic activity shut down. You don't have air conditioning in the summer; you don't have heating in the winter. Thousands of people die."

Among Mr. Borg's conceptual recommendations is for the U.S. to begin thinking about its critical infrastructure as the center of gravity in any future conflict. "This is no longer about perimeter defense," he stresses. As for who could pull off that kind of cyberattack, he names (besides the U.S. and other leading high-tech nations) China, Russia and Israel. And Iran? Probably not, he suspects, nor yet groups like al Qaeda. Then again, he adds, "the worry is that over the next six or seven years they will assemble this kind of expertise."

Under President George W. Bush, Congress secretly approved $17 billion in cyber-security spending. President Barack Obama's 2010 budget calls for an additional $355 million, and that's on the public side. Maybe it's helping. Then again, personal data involving 49,000 people was recently stolen from a Federal Aviation Administration data server, while the Los Alamos National Laboratory reports 13 computers lost or stolen and another 67 missing in the past year. Yes, it's that Los Alamos.

Plainly, we have a problem. And as we consider ever-more elaborate defenses for our vulnerable networks, here's a modest suggestion: Gently alert our non-NATO "partners" that we might be in their electricity grids, too.

When American forces in Iraq wanted to lure members of Al Qaeda into a trap, they hacked into one of the group’s computers and altered information that drove them into American gun sights.

When President George W. Bush ordered new ways to slow Iran’s progress toward a nuclear bomb last year, he approved a plan for an experimental covert program — its results still unclear — to bore into their computers and undermine the project. (WHY ON EARTH IS THIS INFO BEING DIVULGED?!?-- Marc)

And the Pentagon has commissioned military contractors to develop a highly classified replica of the Internet of the future. The goal is to simulate what it would take for adversaries to shut down the country’s power stations, telecommunications and aviation systems, or freeze the financial markets — in an effort to build better defenses against such attacks, as well as a new generation of online weapons.

Just as the invention of the atomic bomb changed warfare and deterrence 64 years ago, a new international race has begun to develop cyberweapons and systems to protect against them.

Thousands of daily attacks on federal and private computer systems in the United States — many from China and Russia, some malicious and some testing chinks in the patchwork of American firewalls — have prompted the Obama administration to review American strategy.

President Obama is expected to propose a far larger defensive effort in coming days, including an expansion of the $17 billion, five-year program that Congress approved last year, the appointment of a White House official to coordinate the effort, and an end to a running bureaucratic battle over who is responsible for defending against cyberattacks.

But Mr. Obama is expected to say little or nothing about the nation’s offensive capabilities, on which the military and the nation’s intelligence agencies have been spending billions. In interviews over the past several months, a range of military and intelligence officials, as well as outside experts, have described a huge increase in the sophistication of American cyberwarfare capabilities.

Because so many aspects of the American effort to develop cyberweapons and define their proper use remain classified, many of those officials declined to speak on the record. The White House declined several requests for interviews or to say whether Mr. Obama as a matter of policy supports or opposes the use of American cyberweapons.

The most exotic innovations under consideration would enable a Pentagon programmer to surreptitiously enter a computer server in Russia or China, for example, and destroy a “botnet” — a potentially destructive program that commandeers infected machines into a vast network that can be clandestinely controlled — before it could be unleashed in the United States.

Or American intelligence agencies could activate malicious code that is secretly embedded on computer chips when they are manufactured, enabling the United States to take command of an enemy’s computers by remote control over the Internet. That, of course, is exactly the kind of attack officials fear could be launched on American targets, often through Chinese-made chips or computer servers.

So far, however, there are no broad authorizations for American forces to engage in cyberwar. The invasion of the Qaeda computer in Iraq several years ago and the covert activity in Iran were each individually authorized by Mr. Bush. When he issued a set of classified presidential orders in January 2008 to organize and improve America’s online defenses, the administration could not agree on how to write the authorization.

A principal architect of that order said the issue had been passed on to the next president, in part because of the complexities of cyberwar operations that, by necessity, would most likely be conducted on both domestic and foreign Internet sites. After the controversy surrounding domestic spying, Mr. Bush’s aides concluded, the Bush White House did not have the credibility or the political capital to deal with the subject.


Cyberwar would not be as lethal as atomic war, of course, nor as visibly dramatic. But when Mike McConnell, the former director of national intelligence, briefed Mr. Bush on the threat in May 2007, he argued that if a single large American bank were successfully attacked “it would have an order-of-magnitude greater impact on the global economy” than the Sept. 11, 2001, attacks. Mr. McConnell, who left office three months ago, warned last year that “the ability to threaten the U.S. money supply is the equivalent of today’s nuclear weapon.”

The scenarios developed last year for the incoming president by Mr. McConnell and his coordinator for cybersecurity, Melissa Hathaway, went further. They described vulnerabilities including an attack on Wall Street and one intended to bring down the nation’s electric power grid. Most were extrapolations of attacks already tried.

Today, Ms. Hathaway is the primary author of White House cyberstrategy and has been traveling the country talking in vague terms about recent, increasingly bold attacks on the computer networks that keep the country running. Government officials will not discuss the details of a recent attack on the air transportation network, other than to say the attack never directly affected air traffic control systems.

Still, the specter of an attack that could blind air traffic controllers and, perhaps, the military’s aerospace defense networks haunts military and intelligence officials. (The saving grace of the air traffic control system, officials say, is that it is so old that it is not directly connected to the Internet.)

Studies, with code names like Dark Angel, have focused on whether cellphone towers, emergency-service communications and hospital systems could be brought down, to sow chaos.

But the theoretical has, at times, become real.

“We have seen Chinese network operations inside certain of our electricity grids,” said Joel F. Brenner, who oversees counterintelligence operations for Dennis Blair, Mr. McConnell’s successor as national intelligence director, speaking at the University of Texas at Austin this month. “Do I worry about those grids, and about air traffic control systems, water supply systems, and so on? You bet I do.”

But the broader question — one the administration so far declines to discuss — is whether the best defense against cyberattack is the development of a robust capability to wage cyberwar.

As Mr. Obama’s team quickly discovered, the Pentagon and the intelligence agencies both concluded in Mr. Bush’s last years in office that it would not be enough to simply build higher firewalls and better virus detectors or to restrict access to the federal government’s own computers.

“The fortress model simply will not work for cyber,” said one senior military officer who has been deeply engaged in the debate for several years. “Someone will always get in.”

That thinking has led to a debate over whether lessons learned in the nuclear age — from the days of “mutually assured destruction” — apply to cyberwar.

But in cyberwar, it is hard to know where to strike back, or even who the attacker might be. Others have argued for borrowing a page from Mr. Bush’s pre-emption doctrine by going into foreign computers to destroy malicious software before it is unleashed into the world’s digital bloodstream. But that could amount to an act of war, and many argue it is a losing game, because the United States is more dependent on a constantly running Internet system than many of its potential adversaries, and therefore could suffer more damage in a counterattack.

In a report scheduled to be released Wednesday, the National Research Council will argue that although an offensive cybercapability is an important asset for the United States, the nation is lacking a clear strategy, and secrecy surrounding preparations has hindered national debate, according to several people familiar with the report.

The advent of Internet attacks — especially those suspected of being directed by nations, not hackers — has given rise to a new term inside the Pentagon and the National Security Agency: “hybrid warfare.”

It describes a conflict in which attacks through the Internet can be launched as a warning shot — or to pave the way for a traditional attack.


Early hints of this new kind of warfare emerged in the confrontation between Russia and Estonia in April 2007. Clandestine groups — it was never determined if they had links to the Russian government — commandeered computers around the globe and directed a fire hose of data at Estonia’s banking system and its government Web sites.

The computer screens of Estonians trying to do business with the government online were frozen, if they got anything at all. It was annoying, but by the standards of cyberwar, it was child’s play.

In August 2008, when Russia invaded Georgia, the cyberattacks grew more widespread. Georgians were denied online access to news, cash and air tickets. The Georgian government had to move its Internet activity to servers in Ukraine when its own servers locked up, but the attacks did no permanent damage.

Every few months, it seems, some agency, research group or military contractor runs a war game to assess the United States’ vulnerability. Senior intelligence officials were shocked to discover how easy it was to permanently disable a large power generator. That prompted further studies to determine if attackers could take down a series of generators, bringing whole parts of the country to a halt.

Another war game that the Department of Homeland Security sponsored in March 2008, called Cyber Storm II, envisioned a far larger, coordinated attack against the United States, Britain, Canada, Australia and New Zealand. It studied a disruption of chemical plants, rail lines, oil and gas pipelines and private computer networks. That study and others like it concluded that when attacks go global, the potential economic repercussions increase exponentially.

To prove the point, Mr. McConnell, then the director of national intelligence, spent much of last summer urging senior government officials to examine the Treasury Department’s scramble to contain the effects of the collapse of Bear Stearns. Markets froze, he said, because “what backs up that money is confidence — an accounting system that is reconcilable.” He began studies of what would happen if the system that clears market trades froze.

“We were halfway through the study,” one senior intelligence official said last month, “and the markets froze of their own accord. And we looked at each other and said, ‘Our market collapse has just given every cyberwarrior out there a playbook.’ ”

Just before Mr. Obama was elected, the Center for Strategic and International Studies, a policy research group in Washington, warned in a report that “America’s failure to protect cyberspace is one of the most urgent national security problems facing the new administration.”

What alarmed the panel was not the capabilities of individual hackers but of nations — China and Russia among them — that experts believe are putting huge resources into the development of cyberweapons. A research company called Team Cymru recently examined “scans” that came across the Internet seeking ways to get inside industrial control systems, and discovered more than 90 percent of them came from computers in China.

Scanning alone does no damage, but it could be the prelude to an attack that scrambles databases or seeks to control computers. But Team Cymru ran into a brick wall as soon as it tried to trace who, exactly, was probing these industrial systems. It could not determine whether military organizations, intelligence agencies, terrorist groups, criminals or inventive teenagers were behind the efforts.

The good news, some government officials argue, is that the Chinese are deterred from doing real damage: Because they hold more than a trillion dollars in United States government debt, they have little interest in freezing up a system they depend on for their own investments.

Then again, some of the scans seemed to originate from 14 other countries, including Taiwan, Russia and, of course, the United States.

Bikini Atoll for an Online Age

Because “cyberwar” contains the word “war,” the Pentagon has argued that it should be the locus of American defensive and offensive strategy — and it is creating the kind of infrastructure that was built around nuclear weapons in the 1940s and ’50s.

Defense Secretary Robert M. Gates is considering proposals to create a Cyber Command — initially as a new headquarters within the Strategic Command, which controls the American nuclear arsenal and assets in space. Right now, the responsibility for computer network security is part of Strategic Command, and military officials there estimate that over the past six months, the government has spent $100 million responding to probes and attacks on military systems. Air Force officials confirm that a large network of computers at Maxwell Air Force Base in Alabama was temporarily taken off-line within the past eight months when it was put at risk of widespread infection from computer viruses.


But Mr. Gates has concluded that the military’s cyberwarfare effort requires a sharper focus — and thus a specific command. It would build the defenses for military computers and communications systems and — the part the Pentagon is reluctant to discuss — develop and deploy cyberweapons.

In fact, that effort is already under way — it is part of what the National Cyber Range is all about. The range is a replica of the Internet of the future, and it is being built to be attacked. Competing teams of contractors — including BAE Systems, the Applied Physics Laboratory at Johns Hopkins University and Sparta Inc. — are vying to build the Pentagon a system it can use to simulate attacks. The National Security Agency already has a smaller version of a similar system, in Millersville, Md.

In short, the Cyber Range is to the digital age what the Bikini Atoll — the islands the Army vaporized in the 1950s to measure the power of the hydrogen bomb — was to the nuclear age. But once the tests at Bikini Atoll demonstrated to the world the awesome destructive power of the bomb, it became evident to the United States and the Soviet Union — and other nuclear powers — that the risks of a nuclear exchange were simply too high. In the case of cyberattacks, where the results can vary from the annoying to the devastating, there are no such rules.

The Deterrence Conundrum

During the cold war, if a strategic missile had been fired at the United States, screens deep in a mountain in Colorado would have lighted up and American commanders would have some time to decide whether to launch a counterattack. Today, when Pentagon computers are subjected to a barrage, the origin is often a mystery. Absent certainty about the source, it is almost impossible to mount a counterattack.

In the rare case where the preparations for an attack are detected in a foreign computer system, there is continuing debate about whether to embrace the concept of pre-emption, with all of its Bush-era connotations. The questions range from whether an online attack should be mounted on that system to, in an extreme case, blowing those computers up.

Some officials argue that if the United States engaged in such pre-emption — and demonstrated that it was watching the development of hostile cyberweapons — it could begin to deter some attacks. Others believe it will only justify pre-emptive attacks on the United States. “Russia and China have lots of nationalistic hackers,” one senior military officer said. “They seem very, very willing to take action on their own.”

Senior Pentagon and military officials also express deep concern that the laws and understanding of armed conflict have not kept current with the challenges of offensive cyberwarfare.

Over the decades, a number of limits on action have been accepted — if not always practiced. One is the prohibition against assassinating government leaders. Another is avoiding attacks aimed at civilians. Yet in the cyberworld, where the most vulnerable targets are civilian, there are no such rules or understandings. If a military base is attacked, would it be a proportional, legitimate response to bring down the attacker’s power grid if that would also shut down its hospital systems, its air traffic control system or its banking system?

“We don’t have that for cyber yet,” one senior Defense Department official said, “and that’s a little bit dangerous.”
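The Team Cymru passage above makes a point worth seeing in data: firewall logs can tell a defender that industrial-control ports are being probed and roughly where the probes originate, but they cannot say who is behind them. The following is an added example, not code from the article or from Team Cymru; the log format, the field names (`src`, `dst`, `dport`, `cc`) and the log lines themselves are constructed for illustration, and the port-to-protocol table lists well-known defaults.

```python
"""Tally probes of industrial-control ports from constructed firewall logs.

Added example, not from the article. It implements the defender's first
step on the scan data described in the text: pick out connection attempts
to ICS protocol ports, count them by source and by origin country, and
report the attribution gap explicitly instead of guessing an actor.
"""
import re
from collections import Counter

# Well-known default ports of common industrial-control protocols.
ICS_PORTS = {
    502: "Modbus/TCP",
    20000: "DNP3",
    44818: "EtherNet/IP",
    102: "Siemens S7 (ISO-TSAP)",
    47808: "BACnet",
}

# Constructed log lines in a simplified, hypothetical firewall format.
# Addresses are documentation ranges; country codes (cc) are made up.
SAMPLE_LOG = """\
2009-05-01T02:11:03Z DENY src=198.51.100.7 dst=192.0.2.10 dport=502 cc=CN
2009-05-01T02:11:04Z DENY src=198.51.100.7 dst=192.0.2.11 dport=502 cc=CN
2009-05-01T02:11:09Z DENY src=198.51.100.7 dst=192.0.2.12 dport=20000 cc=CN
2009-05-01T02:12:40Z DENY src=203.0.113.5 dst=192.0.2.10 dport=44818 cc=RU
2009-05-01T02:13:01Z ALLOW src=192.0.2.50 dst=192.0.2.10 dport=443 cc=US
2009-05-01T02:14:22Z DENY src=198.51.100.9 dst=192.0.2.10 dport=102 cc=CN
2009-05-01T02:15:00Z DENY src=203.0.113.77 dst=192.0.2.10 dport=22 cc=TW
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) cc=(?P<cc>[A-Z]{2})$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec


def ics_probes(log_text):
    """Return the records whose destination port belongs to an ICS protocol."""
    probes = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["dport"] in ICS_PORTS:
            rec["protocol"] = ICS_PORTS[rec["dport"]]
            probes.append(rec)
    return probes


def summarize(log_text):
    """Aggregate ICS probes by origin; leave attribution as 'unknown'."""
    probes = ics_probes(log_text)
    by_country = Counter(p["cc"] for p in probes)
    by_source = Counter(p["src"] for p in probes)
    total = len(probes)
    share = (
        {cc: round(100.0 * n / total, 1) for cc, n in by_country.items()}
        if total else {}
    )
    return {
        "total_probes": total,
        "by_country": dict(by_country),
        "country_share_pct": share,
        "distinct_sources": len(by_source),
        "top_source": by_source.most_common(1)[0] if probes else None,
        # Geography of the source address is all the log gives; it names
        # neither an actor nor whether the source host is itself compromised.
        "attribution": "unknown",
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the constructed sample, four of five ICS-port probes carry a CN origin code, which is the kind of share the article reports; the summary deliberately reports `attribution: unknown` because the country of a source address is evidence about routing, not about intent or sponsor.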

By Ed Timperlake

Cyberwar is now a fact of life in 21st Century wars. Actual and potential enemies of America already know the dimensions of Cyberwar and have moved into full combat.

With a real world combat engagement in Georgia and Estonia, the Russians have shown skill. Make no mistake; in certain arenas the Russians are smart and capable, and as the invasion of Georgia shows, ruthless. They have world class scientists and engineers. It is well known they are excellent Cyber Warfighters who have now also apparently harnessed their criminal hackers to augment their worldwide reach. This melding of Russian conventional military might with reported state sponsored criminal cyber syndicates is ominous and powerful.

The People's Republic of China's attacks in United States Cyberspace are well known to even casual e-mail and Google users, where viruses linked by the media to Chinese sources circle and wait for openings. If the dollar value of the troves of information reported by media to be carted off by the Chinese were toted up, the number could be many billions, if not a trillion. If George Washington and Thomas Jefferson could visit America in 2009 they would call the Chinese attacks Acts Of War.

America is awakened. The Pentagon is standing up a new Department of Defense major combat command. This new Cyber Command will be headed by Lieutenant General Keith Alexander, who currently commands the National Security Agency (nickname "no such agency"). He will be promoted to four stars and be the first Commanding General of the Cyber Command to be Headquartered at Ft Meade, Maryland.

General Alexander, a warrior trained at West Point, has a well earned reputation as a visionary in 21st Century Warfare and the reach and power of technology. As Director of Technology Assessment, International Technology Security in the Office of the Secretary of Defense I visited and worked with the Army's Intelligence and Security Command then headed by Major General Alexander. It was clear that MG Alexander knew how to maneuver in cyberspace in cutting-edge ways.

If confirmed to his new position General Alexander will be standing on the shoulders of a giant -- his visionary fellow West Pointer Mike Wynne. Secretary of the Air Force Wynne launched the USAF Cyber Command, which created the template and many components of the new DOD Cyber Command. Secretary Wynne pronounced with clarity that Cyberspace is a war fighting domain like Air, Sea, Land, and Space, where Intelligence operations, like training, supply, and Medical operations, are one component at work in the Domain.

The fundamental principle of American Cyber Doctrine must emerge with focuses on Law Enforcement and war fighting, returning the Intelligence Community, which in the last century extended into the Internet, to their primary role of cyber intelligence gathering and some cyber operations. This return to basics by the IC will be beneficial, since they completely missed the impending collapse of the old Soviet Empire and gave no apparent warning of the Russian attack on Georgia.

The two overall functions in Cyberspace are Law Enforcement and Investigation, the mission assigned to the Department of Homeland Security and the Federal Bureau of Investigation, and War Fighting, assigned to Cyber Command. Euphemistically, it can be said the first two are engaged in Dot.Gov and Dot.Com Cyberspace and DOD warriors fighting and defending our country from foreign attack are engaged in Dot.Mil Cyberspace.

The Wall Street Journal in a headline written on August 12, 2008 perfectly captures the 21st Century warfare that the Russians have apparently employed in their invasion of Georgia: "Georgia States Computers hit by Cyber attacks." The world has seen an opening chapter on how Russian cyber war capabilities are combined with Russian conventional forces. This chapter of war is being written in blood.

In our 1999 book "Red Dragon Rising" co-author William C. Triplett II and I postulated an electronic "Pearl Harbor" with The PRC attacking Taiwan. Using all their military capabilities, for example airborne and seaborne infantry, tactical air, naval armada, other elements of the attack could include: Surprise attack, Internet attack ("Cyber Attack" was not in the lexicon then), Psychological Operations, and all tools of attack. That scenario now is at the center of US war planning.

The Chinese Peoples Liberation Army can in 2009 launch a massive Cyber assault on Taiwan. Some command and control networks would be destroyed while others would be deliberately spared so they could be manipulated from the inside. Radio and television signals can be jammed and false images of calls from Political Leaders advocating surrender broadcast. Banking systems and specific accounts can be targeted. Information war could also deliberately leave some radar signals intact to warn of "virtual assaults" feeding the confusion and bringing command and control systems to a halt. Finally, Fifth columns at home and abroad can spread rumors and try and keep Washington confused.

America will ultimately win any Cyber engagement if we keep our focus and dedicate sufficient resources. Mike Wynne knew this: It can take a while for the American military to get it right, but once warriors are recruited, trained and focused we have the best military the world has ever seen.

Air Force Cyber Doctrine had an extremely attractive feature, and the new DOD Cyber Command can build on it: the US Cyber Command is a military fighting force that would interest 18-year-old men and women, some of whom are already the most computer savvy individuals in the world. These young American men and women, who really enjoy Wired Magazine, have reached adulthood with an instinctive know how on how to use computers -- for good or ill. They are perfect warriors in this brave new world.

A great American General, later President, Andrew "Andy" Jackson in the War of 1812 understood the power of innovative American battle tactics. General Jackson augmented his regulars at the Battle of New Orleans with frontier sharpshooters and pirates. The poor Red Coats did not know what hit them.

A US Cyber Command can attract our best Cyberspace sharpshooters along with swashbuckling Cyber Buccaneers. Russia, the Peoples Republic of China, Iran and others will soon have a cold dose of reality that in awaking the American sleeping giant Cyber attacks can run two ways.

Page Printed from: http://www.americanthinker.com/2009/05/the_first_war_in_cyberspace.html at May 26, 2009 - 10:53:30 AM EDT

At the risk of riling up GM, I hope the new "cyberczar" position doesn't morph into another crisis that is not put to waste. There is a lot of mischief a non-elected official charged with the security of all things networked could get into.

It's pretty interesting that ad hoc cyberwarriors are springing up around the globe to assist Iranian dissidents. . . .

Crisis in Iran Sparks Global Guerrilla Cyberwar

Tuesday , June 16, 2009

The election crisis in Iran has ignited a full-on guerrilla cyberwar, with Twitterers and techies across the globe pitching in to help protesters in that country access the Internet, and official Iranian government Web sites being knocked offline.

The U.S. State Department even reportedly weighed in, with an unnamed official telling Reuters Tuesday that it had asked Twitter not to "shut down its system in Iran."

Early on Monday, bloggers outside Iran began posting and tweeting links to Web proxy servers that Iranians could use to dodge censorship — and others put up how-to guides for setting up even more proxies.

Some efforts took a more aggressive tone, as "hacktivists" talked of taking down Iranian government Web sites, and at least one American blogger posted instructions on how to do so.

As of midday Tuesday, Web sites belonging to President Mahmoud Ahmadinejad and Supreme Leader Ayatollah Ali Khamenei were unreachable.

Twitter itself, realizing how vital it had become, put off a scheduled maintenance outage until 5 p.m. EDT Tuesday (1:30 a.m. Wednesday in Tehran) so that Iranians could get in a full day of uninterrupted tweeting.

Iranians used the proxy servers to upload dozens of video clips to YouTube, despite an official block on the Web site within the country.

One blurry YouTube clip, likely shot with a cell phone, showed what appeared to have been a member of the Basij paramilitary force firing down from a second-story window into a courtyard with an AK-47 as protests continued behind a high wall.

The footage broadly matched an incident in Tehran Monday evening, when protesters broke into a Basij compound. Seven were reported killed.

Back in the U.S., the Iran protests drew support, and maybe even some collateral damage.

"My website has been attacked by Iran. My servers are melting," wrote blogger Austin Heap, a San Francisco IT professional who's become one of the leaders of the cyberinsurrection.

"But individuals in the opposition are still able to use technology to mobilize each other," he wrote. "And the tech community around the world is still able to support them."

He at first posted proxy links late Sunday, then switched Monday to instructions on how to set them up, and finally posted code on how to disable Iranian official servers.

Also in San Francisco, Twitter sacrificed the convenience of millions of users in the Americas for the greater cause of Iranian freedom.

"A critical network upgrade must be performed to ensure continued operation of Twitter. In coordination with Twitter, our network host had planned this upgrade for tonight," co-founder Biz Stone wrote on the official Twitter blog Monday afternoon.

"However, our network partners at NTT America recognize the role Twitter is currently playing as an important communication tool in Iran. Tonight's planned maintenance has been rescheduled to tomorrow between 2-3p PST (1:30a in Iran)."

There was no comment from Twitter regarding the Reuters report that the State Dept. had asked it to keep Twitter up.

Late Monday, top Iranian crisis tweeter Moussavi1388, an unofficial mouthpiece for officially defeated presidential candidate Mir Hossein Moussavi, tweeted: "Twitter is currently our ONLY way to communicate overnight news in Iran, PLEASE do not take it down."

Meanwhile, #iranelection soared to the top of Twitter's most-searched-term list, with new tweets coming in even faster Tuesday than they had the day before.

"Unconfirmed rumours — army generals arrested — many rumours of coupdetat by army," posted PersianKiwi, another top English-language Iranian Twitterer, on Tuesday morning.

One big question lay open — if Chinese officials were able to block Twitter just before the June 4 anniversary of the Tiananmen Square massacre, why couldn't Iran?

"[Users are] using proxies to break the filters. So twitter is even being blocked too," answered Michelle Moghtader of the National Iranian American Council, responding to a question during a live chat on WashingtonPost.com.

"You can say it's online warfare of constant censoring and breaking of filters," she added.

Internet expert Jonathan Zittrain, a law professor at Harvard, wrote on his blog that Twitter's own sloppiness helped it evade Iranian blockers.

"Twitter isn't just any particular Web site. It's an atom designed to be built into other molecules," said Zittrain. "More than most, Twitter allows multiple paths in and out for data."

"The very fact that Twitter itself is half-baked, coupled with its designers' willingness to let anyone build on top of it to finish baking it," he added, "is what makes it so powerful."

In a Monty Python skit from 1970, the Vercotti brothers, wearing Mafia suits and dark glasses, approach a colonel in a British military barracks. "You've got a nice army base here, Colonel," says Luigi Vercotti. "We wouldn't want anything to happen to it." Dino explains, "My brother and I have got a little proposition for you, Colonel," and Luigi elaborates, "We can guarantee you that not a single armored division will get done over for 15 bob a week."

If the idea of the military having to pay protection money to the mob seems silly, imagine what Monty Python could do with last week's White House decision on security. It announced a new "Cyber Command" to protect information infrastructure, but stipulated that the military is allowed to protect only itself, not the civilian Internet or other key communications networks. When President Barack Obama announced the plan, he stressed that it "will not -- I repeat -- will not -- include monitoring private-sector networks or Internet traffic." It's like telling the military if there's another 9/11 to protect the Pentagon but not the World Trade Center.

The announcement shows that our political system is still ambivalent about how to defend communications networks such as the Internet. We expect privacy, but we know that intrusive techniques are required to protect the system from cyber attacks. How to balance privacy with preventing attacks that would undermine the system altogether?

It's an open secret that the National Security Agency (NSA) must operate through civilian networks inside the U.S. in order to prevent millions of cyber attacks every year by foreign governments, terror groups and hackers. Likewise, the NSA must follow leads through computer networks that run through innocent countries. "How do you understand sovereignty in the cyber domain?" asked James Cartwright, vice chairman of the Joint Chiefs of Staff, in a recent speech. "It doesn't tend to pay a lot of attention to geographic borders."

The risks are real. Cyber attacks on Estonia and Georgia by Russia in recent years forced government, banking, media and other Web sites offline. In the U.S., the public Web, air-traffic control systems and telecommunications services have all been attacked. Congressional offices have been told that China has broken into their computers. Both China and Russia were caught having infiltrated the U.S. electric-power grid, leaving behind software code to be used to disrupt the system. The risk of attacks to create massive power outages is so serious that the best option could be unplugging the U.S. power grid from the Internet.

The military is far ahead of civilian agencies such as Homeland Security and is now focused on cyber offense as well as defense. Cyberspace, says Gen. Kevin P. Chilton, commander of the U.S. Strategic Command, is the new "domain," joining the traditional domains of air, land and sea. Each is a focus for both defense and attack. The U.S., a decade behind China, is now officially focused on using cyber warfare offensively as well as defensively.

The U.S. is an inventive nation, so we'll get to the right answer on security if we ask the right questions. What if the only way the military can block a cyber attack is to monitor domestic use of the Web, since foreigners use the Web to launch cyber attacks? What is a "reasonable" search in a virtual world such as a global communication network? What's the proper response to cyber attacks?

If cyber war is a new form of war, wouldn't most Americans adjust their expectations of reasonable privacy to permit the Pentagon to intrude to some degree on their communications, if this is necessary to prevent great harm and if rules protecting anonymity can be established? Finally, wouldn't it be better for politicians to encourage a frank discussion about these issues before a significant attack occurs instead of pretending there are no trade-offs?

Only the NSA, which operates within the Defense Department, has the expertise to protect all U.S. networks. It has somehow found ways to mine needed data despite pre-Web rules that restrict its activities domestically. But the question remains: How can the military get enough access to private, domestic networks to protect them while still ensuring as much privacy as possible? One logical approach is for Homeland Security to delegate domestic defense to the NSA, but for the domestic agency to maintain enough responsibility to have political accountability if privacy rights get violated in the process.

We'll look back on the current era, with the military constrained from defending vital domestic interests, as an artifact of an era when it was easy to point to what was foreign and what was domestic. In the digital world, as the cyber threat shows, physical distinctions such as political borders are unhelpful and can be dangerously confusing.

OUR economy, energy supply, means of transportation and military defenses are dependent on vast, interconnected computer and telecommunications networks. These networks are poorly defended and vulnerable to theft, disruption or destruction by foreign states, criminal organizations, individual hackers and, potentially, terrorists. In the last few months it has been reported that Chinese network operations have found their way into American electricity grids, and computer spies have broken into the Pentagon’s Joint Strike Fighter project.

Acknowledging such threats, President Obama recently declared that digital infrastructure is a “strategic national asset,” the protection of which is a national security priority.

One of many hurdles to meeting this goal is that the private sector owns and controls most of the networks the government must protect. In addition to banks, energy suppliers and telecommunication companies, military and intelligence agencies use these private networks. This is a dangerous state of affairs, because the firms that build and run computer and communications networks focus on increasing profits, not protecting national security. They invest in levels of safety that satisfy their own purposes, and tend not to worry when they contribute to insecure networks that jeopardize national security.

This is a classic market failure that only government leadership can correct. The tricky task is for the government to fix the problem in ways that do not stifle innovation or unduly hamper civil liberties.

Our digital security problems start with ordinary computer users who do not take security seriously. Their computers can be infiltrated and used as vehicles for attacks on military or corporate systems. They are also often the first place that adversaries go to steal credentials or identify targets as a prelude to larger attacks.

President Obama has recognized the need to educate the public about computer security. The government should jump-start this education by mandating minimum computer security standards and by requiring Internet service providers to deny or delay Internet access to computers that fall below these standards, or that are sending spam or suspicious multiple computer probes into the network.

The government should also use legal liability or tax breaks to motivate manufacturers — especially makers of operating systems — to improve vulnerability-filled software that infects the entire network. It should mandate disclosure of data theft and other digital attacks — to trusted private parties, if not to the public or the government — so that firms can share information about common weapons and best defenses, and so the public can better assess which firms’ computer systems are secure. Increased information production and sharing will also help create insurance markets that can elevate best security practices.

But the private sector cannot protect these networks by itself any more than it can protect the land, air or water channels through which foreign adversaries or criminal organizations might attack us. The government must be prepared to monitor and, if necessary, intervene to secure channels of cyberattack as well.

The Obama administration recently announced that it would set up a Pentagon cybercommand to defend military networks. Some in the administration want to use Cybercom to help the Department of Homeland Security protect the domestic components of private networks that are under attack or being used for attacks. Along similar lines, a Senate bill introduced in April would give the executive branch broad emergency authority to limit or halt private Internet traffic related to “critical infrastructure information systems.”

President Obama has tried to soothe civil liberties groups’ understandable worries about these proposals. In the speech that outlined the national security implications of our weak digital defenses, the president said the government would not monitor private sector networks or Internet traffic, and pledged to “preserve and protect the personal privacy and civil liberties we cherish as Americans.”

But the president is less than candid about the tradeoffs the nation faces. The government must be given wider latitude than in the past to monitor private networks and respond to the most serious computer threats.

These new powers should be strictly defined and regularly vetted to ensure legal compliance and effectiveness. Last year’s amendments to the nation’s secret wiretapping regime are a useful model. They expanded the president’s secret wiretapping powers, but also required quasi-independent inspectors general in the Department of Justice and the intelligence community to review effectiveness and legal compliance and report to Congress regularly.

Many will balk at this proposal because of the excesses and mistakes associated with the secret wiretapping regime in the Bush administration. These legitimate concerns can be addressed with improved systems of review.

But they should not prevent us from empowering the government to meet the cyber threats that jeopardize our national defense and economic security. If they do, then privacy could suffer much more when the government reacts to a catastrophic computer attack that it failed to prevent.

Jack Goldsmith, a professor at Harvard Law School who was an assistant attorney general from 2003 to 2004, is writing a book on cyberwar.

WASHINGTON – The powerful attack that overwhelmed computers at U.S. and South Korean government agencies for days was even broader than initially realized, also targeting the White House, the Pentagon and the New York Stock Exchange. Other targets of the attack included the National Security Agency, Homeland Security Department, State Department, the Nasdaq stock market and The Washington Post, according to an early analysis of the malicious software used in the attacks. Many of the organizations appeared to successfully blunt the sustained computer assaults.

The Associated Press obtained the target list from security experts analyzing the attacks. It was not immediately clear who might be responsible or what their motives were. South Korean intelligence officials believe the attacks were carried out by North Korea or pro-Pyongyang forces.

The attack was remarkably successful in limiting public access to victim Web sites, but internal e-mail systems are typically unaffected in such attacks. Some government Web sites — such as the Treasury Department, Federal Trade Commission and Secret Service — were still reporting problems days after the attack started during the July 4 holiday. South Korean Internet sites began experiencing problems Tuesday.

South Korea's National Intelligence Service, the nation's principal spy agency, told a group of South Korean lawmakers Wednesday it believes that North Korea or North Korean sympathizers in the South were behind the attacks, according to an aide to one of the lawmakers briefed on the information.

The aide spoke on condition of anonymity, citing the sensitivity of the information. The National Intelligence Service — South Korea's main spy agency — said it couldn't immediately confirm the report, but it said it was cooperating with American authorities.

The attacks will be difficult to trace, said Professor Peter Sommer, an expert on cyberterrorism at the London School of Economics. "Even if you are right about the fact of being attacked, initial diagnoses are often wrong," he said Wednesday.

Amy Kudwa, spokeswoman for the Homeland Security Department, said the agency's U.S. Computer Emergency Readiness Team issued a notice to federal departments and other partner organizations about the problems and "advised them of steps to take to help mitigate against such attacks."

New York Stock Exchange spokesman Ray Pellecchia could not confirm the attack, saying the company does not comment on security issues.

Attacks on federal computer networks are common, ranging from nuisance hacking to more serious assaults, sometimes blamed on China. U.S. security officials also worry about cyber attacks from al-Qaida or other terrorists.

This time, two government officials acknowledged that the Treasury and Secret Service sites were brought down, and said the agencies were working with their Internet service provider to resolve the problem. The officials spoke on condition of anonymity because they were not authorized to speak on the matter.

Ben Rushlo, director of Internet technologies at Keynote Systems, said problems with the Transportation Department site began Saturday and continued until Monday, while the FTC site was down Sunday and Monday.

Keynote Systems is a mobile and Web site monitoring company based in San Mateo, Calif. The company publishes data detailing outages on Web sites, including 40 government sites it watches.

According to Rushlo, the Transportation Web site was "100 percent down" for two days, so that no Internet users could get through to it. The FTC site, meanwhile, started to come back online late Sunday, but even on Tuesday Internet users still were unable to get to the site 70 percent of the time.

Web sites of major South Korean government agencies, including the presidential Blue House and the Defense Ministry, and some banking sites were paralyzed Tuesday. An initial investigation found that many personal computers were infected with a virus ordering them to visit major official Web sites in South Korea and the U.S. at the same time, Korea Information Security Agency official Shin Hwa-su said.

___

Associated Press writers Hyung-Jin Kim in Seoul, South Korea; Andrew Vanacore in New York; and Pan Pylas in London contributed to this report.

To hear the media tell it, the United States suffered a major cyberattack last week. Stories were everywhere. "Cyber Blitz hits U.S., Korea" was the headline in Thursday's Wall Street Journal. North Korea was blamed.

Where were you when North Korea attacked America? Did you feel the fury of North Korea's armies? Were you fearful for your country? Or did your resolve strengthen, knowing that we would defend our homeland bravely and valiantly?

My guess is that you didn't even notice, that -- if you didn't open a newspaper or read a news website -- you had no idea anything was happening. Sure, a few government websites were knocked out, but that's not alarming or even uncommon. Other government websites were attacked but defended themselves, the sort of thing that happens all the time. If this is what an international cyberattack looks like, it hardly seems worth worrying about at all.

Politically motivated cyber attacks are nothing new. We've seen UK vs. Ireland. Israel vs. the Arab states. Russia vs. several former Soviet Republics. India vs. Pakistan, especially after the nuclear bomb tests in 1998. China vs. the United States, especially in 2001 when a U.S. spy plane collided with a Chinese fighter jet. And so on and so on.

The big one happened in 2007, when the government of Estonia was attacked in cyberspace following a diplomatic incident with Russia about the relocation of a Soviet World War II memorial. The networks of many Estonian organizations, including the Estonian parliament, banks, ministries, newspapers and broadcasters, were attacked and -- in many cases -- shut down. Estonia was quick to blame Russia, which was equally quick to deny any involvement.

It was hyped as the first cyberwar, but after two years there is still no evidence that the Russian government was involved. Though Russian hackers were indisputably the major instigators of the attack, the only individuals positively identified have been young ethnic Russians living inside Estonia, who were angry over the statue incident.

Poke at any of these international incidents, and what you find are kids playing politics. Last Wednesday, South Korea's National Intelligence Service admitted that it didn't actually know that North Korea was behind the attacks: "North Korea or North Korean sympathizers in the South" was what it said. Once again, it'll be kids playing politics.

This isn't to say that cyberattacks by governments aren't an issue, or that cyberwar is something to be ignored. The constant attacks by Chinese nationals against U.S. networks may not be government-sponsored, but it's pretty clear that they're tacitly government-approved. Criminals, from lone hackers to organized crime syndicates, attack networks all the time. And war expands to fill every possible theater: land, sea, air, space, and now cyberspace. But cyberterrorism is nothing more than a media invention designed to scare people. And for there to be a cyberwar, there first needs to be a war.

Israel is currently considering attacking Iran in cyberspace, for example. If it tries, it'll discover that attacking computer networks is an inconvenience to the nuclear facilities it's targeting, but doesn't begin to substitute for bombing them.

In May, President Obama gave a major speech on cybersecurity. He was right when he said that cybersecurity is a national security issue, and that the government needs to step up and do more to prevent cyberattacks. But he couldn't resist hyping the threat with scare stories: "In one of the most serious cyber incidents to date against our military networks, several thousand computers were infected last year by malicious software -- malware," he said. What he didn't add was that those infections occurred because the Air Force couldn't be bothered to keep its patches up to date.

This is the face of cyberwar: easily preventable attacks that, even when they succeed, only a few people notice. Even this current incident is turning out to be a sloppily modified five-year-old worm that no modern network should still be vulnerable to.

Securing our networks doesn't require some secret advanced NSA technology. It's the boring network security administration stuff we already know how to do: keep your patches up to date, install good anti-malware software, correctly configure your firewalls and intrusion-detection systems, monitor your networks. And while some government and corporate networks do a pretty good job at this, others fail again and again.

Enough of the hype and the bluster. The news isn't the attacks, but that some networks had security lousy enough to be vulnerable to them.
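The AP report above describes the July 2009 incident as infected personal computers ordered to request the same government sites at the same time, and the prescription here is ordinary network monitoring. As an added example (mine, not code from any article in this thread), the Python below buckets web-server access-log lines per minute, compares each minute against the median minute, and tells a distributed flood (many client addresses) apart from a single noisy client. The log lines, the addresses (RFC 5737 test ranges) and the thresholds are constructed for illustration and are not taken from the incident.

```python
"""Spotting a distributed HTTP flood in web-server access logs.

Added example, not from any article in this thread. The sample log is
constructed: every address is from the RFC 5737 documentation ranges.
"""
import re
import statistics
from collections import Counter, defaultdict
from datetime import datetime

# Combined-log-format line, e.g.
# 203.0.113.5 - - [07/Jul/2009:10:00:10 +0000] "GET / HTTP/1.1" 200 512
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)$'
)


def parse_line(line):
    """Return the client IP, the minute bucket and the path; None if malformed."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"),
            "minute": ts.strftime("%Y-%m-%d %H:%M"),
            "path": m.group("path")}


def detect_flood(lines, rate_factor=10.0, min_sources=20):
    """Flag minutes whose request count is rate_factor times the median minute.

    A flagged minute with at least min_sources distinct client addresses is
    reported as a distributed flood; otherwise as a single-source burst (one
    noisy or abusive client, which rate limiting handles on its own). The
    median of the minutes in the log is the baseline, so the log handed in
    should cover enough quiet time for the median to reflect normal load.
    """
    windows = defaultdict(lambda: {"requests": 0, "sources": set(), "paths": Counter()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than abort the analysis
        w = windows[rec["minute"]]
        w["requests"] += 1
        w["sources"].add(rec["ip"])
        w["paths"][rec["path"]] += 1
    if not windows:
        return []
    baseline = max(statistics.median([w["requests"] for w in windows.values()]), 1)
    alerts = []
    for minute, w in sorted(windows.items()):
        if w["requests"] < rate_factor * baseline:
            continue
        kind = "distributed_flood" if len(w["sources"]) >= min_sources else "single_source_burst"
        alerts.append({"minute": minute, "kind": kind,
                       "requests": w["requests"], "sources": len(w["sources"]),
                       "top_path": w["paths"].most_common(1)[0][0]})
    return alerts


def build_sample_log():
    """Construct a small access log: five quiet minutes, one single-client
    burst and one distributed flood, plus a malformed line."""
    lines = []

    def fmt(ip, minute, second, path):
        return (f'{ip} - - [07/Jul/2009:10:{minute:02d}:{second:02d} +0000] '
                f'"GET {path} HTTP/1.1" 200 512')

    # Minutes 00-04: two ordinary visitors per minute.
    for m in range(5):
        lines.append(fmt("203.0.113.5", m, 10, "/"))
        lines.append(fmt("198.51.100.7", m, 40, "/news"))
    # Minute 05: one misbehaving client hammering the front page (not distributed).
    for s in range(40):
        lines.append(fmt("203.0.113.9", 5, s, "/"))
    # Minute 06: 30 distinct infected hosts, two requests each, all to "/".
    for host in range(30):
        for s in (5, 35):
            lines.append(fmt(f"192.0.2.{host + 1}", 6, s, "/"))
    lines.append("garbage line that does not parse")
    return lines


if __name__ == "__main__":
    for alert in detect_flood(build_sample_log()):
        print(alert)
```

The two thresholds are the knobs a defender tunes: rate_factor sets how far above normal a minute must be, and min_sources is what separates a botnet-style flood (the shape of the attack the AP piece describes) from one client that simply needs rate limiting. In production the baseline would come from a longer history than the log being examined, since a long-running flood would otherwise drag the median up and hide itself.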

This is Pravda on the Hudson writing here about exactly the sort of subject where it can be and often is at its most deceptive, so caveat lector. That said, I have no knowledge of these issues and cannot tell if this is simply the Obama people desperately giving up things they shouldn't be giving up (e.g. as they are currently doing in nuke negotiations with Russia) or whether there is something actually of merit going on here. I also note that the article does not mention China, which I understand to see our dependence on things cyber as a weak link in our military capabilities; and that they therefore are sedulously at work on their capabilities to seriously fcuk up our military comm capabilities. If we are busy keeping an agreement with the Russians, does that leave us more vulnerable to the Chinese?

================================

In Shift, U.S. Talks to Russia on Internet Security
By JOHN MARKOFF and ANDREW E. KRAMER
Published: December 12, 2009

The United States has begun talks with Russia and a United Nations arms control committee about strengthening Internet security and limiting military use of cyberspace.

American and Russian officials have different interpretations of the talks so far, but the mere fact that the United States is participating represents a significant policy shift after years of rejecting Russia’s overtures. Officials familiar with the talks said the Obama administration realized that more nations were developing cyberweapons and that a new approach was needed to blunt an international arms race.

In the last two years, Internet-based attacks on government and corporate computer systems have multiplied to thousands a day. Hackers, usually never identified, have compromised Pentagon computers, stolen industrial secrets and temporarily jammed government and corporate Web sites. President Obama ordered a review of the nation’s Internet security in February and is preparing to name an official to coordinate national policy.

Last month, a delegation led by Gen. Vladislav P. Sherstyuk, a deputy secretary of the Russian Security Council and the former leader of the Russian equivalent of the National Security Agency, met in Washington with representatives from the National Security Council and the Departments of State, Defense and Homeland Security. Officials familiar with these talks said the two sides made progress in bridging divisions that had long separated the countries.

Indeed, two weeks later in Geneva, the United States agreed to discuss cyberwarfare and cybersecurity with representatives of the United Nations committee on disarmament and international security. The United States had previously insisted on addressing those matters in the committee on economic issues.

The Russians have held that the increasing challenges posed by military activities to civilian computer networks can be best dealt with by an international treaty, similar to treaties that have limited the spread of nuclear, chemical and biological weapons. The United States had resisted, arguing that it was impossible to draw a line between the commercial and military uses of software and hardware.

Now there is a thaw, said people familiar with the discussions.

“In the last months there are more signs of building better cooperation between the U.S. and Russia,” said Veni Markovski, a Washington-based adviser to Bulgaria’s Internet security chief and representative to Russia for the organization that assigns Internet domain names. “These are signs that show the dangers of cybercrime are too big to be neglected.”

Viktor V. Sokolov, deputy director of the Institute of Information Security in Moscow, a policy research group run by General Sherstyuk, said the Russian view was that the American position on Internet security had shifted perceptibly in recent months.

“There is movement,” he said. Before, bilateral negotiations were limited to the relevant Russian police agency, the Bureau of Special Technical Operations, the Internet division of the Ministry of Interior, and the F.B.I.

Mr. Sokolov characterized this new round of discussions as the opening of negotiations between Russia and the United States on a possible disarmament treaty for cyberspace, something Russia has long sought but the United States has resisted.

“The talks took place in a good atmosphere,” he said. “And they agreed to continue this process. There are positive movements.”

A State Department official, who was not authorized to speak about the talks and requested anonymity, disputed the Russian characterization of the American position. While the Russians have continued to focus on treaties that may restrict weapons development, the United States is hoping to use the talks to increase international cooperation in opposing Internet crime. Strengthening defenses against Internet criminals would also strengthen defenses against any military-directed cyberattacks, the United States maintains. An administration official said the United States was seeking common ground with the Russians.

The United Nations discussions are scheduled to resume in New York in January, and the two countries also plan to talk at an annual Russia-sponsored Internet security conference in Garmisch, Germany.

The American interest in reopening discussions shows that the Obama administration, even in absence of a designated Internet security chief, is breaking with the Bush administration, which declined to talk with Russia about issues related to military attacks using the Internet.

Many countries, including the United States, are developing weapons for use on computer networks that are ever more integral to the operations of everything from banks to electrical power systems to government offices. They include “logic bombs” that can be hidden in computers to halt them at crucial times or damage circuitry; “botnets” that can disable or spy on Web sites and networks; or microwave radiation devices that can burn out computer circuits miles away.

The Russians have focused on three related issues, according to American officials involved in the talks that are part of a broader thaw in American-Russian relations known as the "reset" that also include negotiations on a new nuclear disarmament treaty. In addition to continuing efforts to ban offensive cyberweapons, they have insisted on what they describe as an issue of sovereignty calling for a ban on “cyberterrorism.” American officials view the issue differently and describe this as a Russian effort to restrict “politically destabilizing speech.” The Russians have also rejected a portion of the Council of Europe Convention on Cybercrime that they assert violates their Constitution by permitting foreign law enforcement agencies to conduct Internet searches inside Russian borders.

In late October at a luncheon during a meeting on Security and Counter Terrorism at Moscow State University, General Sherstyuk told a group of American executives that the Russians would never sign the European Cybercrime Treaty as long as it contained the language permitting cross-border searches.

Thank you for the commentary. I had planned to ask this question on the Govt. Programs or Internet thread, but since I have you here and you mention the "bandwidth bottleneck" issue, would you help me understand the issues involved with the FCC/BO plans to fund/create "high speed internet for everyone" both from the perspective of the issues here and with regard to the economic performance i.e. is it going to be a clusterfcuk or is it going to actually do some good at a reasonable cost?

The Attack Coming From Bytes, Not Bombs
By MICHIKO KAKUTANI
Published: April 26, 2010

Blackouts hit New York, Los Angeles, Washington and more than 100 other American cities. Subways crash. Trains derail. Airplanes fall from the sky.

CYBER WAR

The Next Threat to National Security and What to Do About It

By Richard A. Clarke and Robert K. Knake

290 pages. Ecco/HarperCollins Publishers. $25.99.

Gas pipelines explode. Chemical plants release clouds of toxic chlorine. Banks lose all their data. Weather and communication satellites spin out of their orbits. And the Pentagon’s classified networks grind to a halt, blinding the greatest military power in the world.

This might sound like a takeoff on the 2007 Bruce Willis “Die Hard” movie, in which a group of cyberterrorists attempts to stage what it calls a “fire sale”: a systematic shutdown of the nation’s vital communication and utilities infrastructure. According to the former counterterrorism czar Richard A. Clarke, however, it’s a scenario that could happen in real life — and it could all go down in 15 minutes. While the United States has a first-rate cyberoffense capacity, he says, its lack of a credible defense system, combined with the country’s heavy reliance on technology, makes it highly susceptible to a devastating cyberattack.

“The United States is currently far more vulnerable to cyberwar than Russia or China,” he writes. “The U.S. is more at risk from cyberwar than are minor states like North Korea. We may even be at risk some day from nations or nonstate actors lacking cyberwar capabilities, but who can hire teams of highly capable hackers.”

Lest this sound like the augury of an alarmist, the reader might recall that Mr. Clarke, counterterrorism chief in both the Bill Clinton and George W. Bush administrations, repeatedly warned his superiors about the need for an aggressive plan to combat al Qaeda — with only a pallid response before 9/11. He recounted this campaign in his controversial 2004 book, “Against All Enemies.”

Once again, there is a lack of coordination between the various arms of the military and various committees in Congress over how to handle a potential attack. Once again, government agencies and private companies in charge of civilian infrastructure are ill prepared to handle a possible disaster.

In these pages Mr. Clarke uses his insider’s knowledge of national security policy to create a harrowing — and persuasive — picture of the cyberthreat the United States faces today. Mr. Clarke is hardly a lone wolf on the subject: Mike McConnell, the former director of national intelligence, told a Senate committee in February that “if we were in a cyberwar today, the United States would lose.”

And last November, Steven Chabinsky, deputy assistant director for the Federal Bureau of Investigation’s cyber division, noted that the F.B.I. was looking into Qaeda sympathizers who want to develop their hacking skills and appear to want to target the United States’ infrastructure.

Mr. Clarke — who wrote this book with Robert K. Knake, an international affairs fellow at the Council on Foreign Relations — argues that because the United States military relies so heavily upon databases and new technology, it is “highly vulnerable to cyberattack.” And while the newly established Cyber Command, along with the Department of Homeland Security, is supposed to defend the federal government, he writes, “the rest of us are on our own”:

“There is no federal agency that has the mission to defend the banking system, the transportation networks or the power grid from cyberattack.” In fact, The Wall Street Journal reported in April 2009 that the United States’ electrical grid had been penetrated by cyberspies (reportedly from China, Russia and other countries), who left behind software that could be used to sabotage the system in the future.

For more than a decade now, Mr. Clarke has been warning about “an electronic Pearl Harbor,” and he is familiar with the frustrations of a political bureaucracy. He notes that pressure from both the right and left over the hot-button issues of regulation and privacy have made it difficult for the government to get individual corporations (which control vital services like electricity, Internet access and transportation) to improve their ability to defend themselves against cyberattack.

Meanwhile, Mr. Clarke says, China has developed “the ability to disconnect all Chinese networks from the rest of the global Internet, something that would be handy to have if you thought the U.S. was about to launch a cyberwar attack on you.” After the first gulf war, he explains, the Chinese “began to downsize their military” — which reportedly has about one-eighth of the Pentagon’s budget (before adding in the costs of the wars in Afghanistan and Iraq) — and invest in new technologies, which they believed could give them an asymmetric advantage over the United States, despite America’s overwhelming conventional arsenal.

As for North Korea, Mr. Clarke says, it employs an Olympics-like approach to creating cyberwarriors, selecting “elite students at the elementary-school level to be groomed as future hackers.” North Korea is suspected of being behind the cyberattacks of July 2009 that took down the Web servers of the Treasury, Secret Service, Federal Trade Commission and Transportation Department and is thought to have placed “trapdoors” — code that allows hackers future access to a network — on computer networks on at least two continents.

============

Trapdoors are just one device that rival nation states and cyberterrorists can use. There are also “logic bombs” (code that can set off malicious functions when triggered), Distributed Denial of Service (D.D.O.S.) attacks (in which a site or server is flooded with more requests for data than it can process), and foreign-manufactured software and hardware that might have been tampered with before being shipped to the States.

The Defense Department, Mr. Clarke says, began to embrace the cost-saving idea of using commercial off-the-shelf software (instead of applications custom-made in-house) in the ’90s, and it “brought to the Pentagon all the same bugs and vulnerabilities that exist on your own computer.” He says, for instance, that in 1997, when the Windows system on a retrofitted “smart ship” called the U.S.S. Yorktown crashed, “the cruiser became a floating i-brick, dead in the water.”

The United States’ lack of an effective cyberdefense system, Mr. Clarke ominously warns, “will tempt opponents to attack in a period of tensions,” and it could also tempt America to take pre-emptive action or escalate a cyberconflict very rapidly if attacked. Were such a war to start, it could easily jump international boundaries, causing cascades of collateral damage to unspool around the world.

How best to address this alarming situation? Mr. Clarke reports that a 2009 meeting of some 30 cyberspace “old hands” — former government officials, current bureaucrats, chief security officers of major corporations, academics and senior information technology company officials — came to the conclusion that critical infrastructure should be separated from “the open-to-anyone” Internet. They also came out in favor of more government involvement in cyber research and development and a heightened emphasis on building “resilience” into systems so as to enable recovery, post-attack.

In addition to these suggestions, Mr. Clarke adds some fairly common-sense — but not so easily achieved — recommendations of his own. He argues that America needs to “harden the important networks that a nation-state attacker would target” by putting automated scanning systems in place to look for malware. Also, it needs to make sure that the Pentagon enhances the security of its own networks; and to work toward cyberarms-control agreements with other nations.

“The reality is that a major cyberattack from another nation is likely to originate in the U.S.,” Mr. Clarke says, noting that logic bombs and trapdoors are quite likely already in place, “so we will not be able to see it coming and block it with the systems we have now or those that are planned. Yes, we may be able to respond in kind, but our nation will still be devastated by a massive cyberattack on civilian infrastructure that smacks down power grids for weeks, halts trains, grounds aircraft, explodes pipelines and sets fire to refineries.”

And should America then decide to cross the line from cyberwarfare to conventional warfare, he says near the end of this chilling book, the highly advanced technology in our military arsenal “may suddenly not work.”

General Says Military Needs Cyberwar Doctrine
Seeks defined boundaries
By Eli Lake, The Washington Times

The military needs to better define the boundaries of cyberwarfare to allow cyber forces to go beyond defending computers and networks against numerous attacks, the vice chairman of the Joint Chiefs of Staff said on Thursday.

Marine Corps Gen. James Cartwright said in a speech that "we have an entire architecture globally that is based on defense only, point defense only."

"Our defense is our virus protection software and our firewall. So if you are in uniform, what you've basically said is, 'I want to have this fight at my boundaries, inside my country, and I am willing to wait for that and when it gets catastrophic, we'll address it.' "

The general did not advocate conducting offensive cyberwarfare retaliation against foreign or domestic attacks. However, the newly-created U.S. Cyber Command combines both offensive and defensive cyber operations under one military unit.

Currently, military doctrine is unclear on what constitutes a computer or cyber-attack and what the consequences would be for countries or people who launched one on U.S. critical infrastructure. Branches of the armed forces, and in particular the Air Force, have conducted defensive and offensive actions in the realm of electronic or cyberwarfare. Individual branches of the armed services have developed their own cyberwarfare doctrine.

Gen. Cartwright said he supports the idea of cutting wasteful defense programs.

He also said he expects the current war against al Qaeda and Islamic extremism will last another five to 10 years.

The remarks on cyberwar sounded an alarm on the need for better doctrine.

The general compared the current lack of a doctrine on cyberwarfare to the Maginot Line, the concrete fortifications and stationary guns the French erected before World War II that failed to repel the Nazi tank blitz in the German invasion of France.

"Do you believe this network environment we are living in is going to persist for years to come?" he asked. "If you believe those things, then we have to start thinking about the validity of a Maginot Line approach to cyber."

The comments on cyberwarfare doctrine were made as the Senate approved by voice vote the promotion of Gen. Keith Alexander, currently director of the National Security Agency, as the first new four-star chief of U.S. Cyber Command, located near NSA headquarters at Fort Meade, Md.

In a speech this week to Ogilvy Public Relations group, James N. Miller, deputy undersecretary of defense for policy, said the Defense Department is currently drafting a new cyberwarfare doctrine. He suggested that the military could respond to a cyber-attack by using conventional armed forces.

Mr. Miller also said that the military has lost enough data to fill the Library of Congress many times over every year due to cyber-attacks.

"Our systems are probed thousands of times a day and scanned millions of times a day," Mr. Miller said, according to the Reuters News Agency.

A U.S. defense contractor, who asked not to be named, said, "We are sitting on our hands waiting for someone to pick a fight with us. And guess what, they do it every day."

Retired Air Force Chief of Staff Gen. Ron Fogleman, speaking on a panel on defense in space and cyberspace, said that in the electronic realm, "it is very useful that every now and then you take a shot across the bow."

The military has said very little publicly about its offensive cyber operations.

According to U.S. officials, most modern militaries have the ability to launch computer viruses or denial of service attacks.

However, because it is very difficult to trace the origins of such attacks, most state-based cyber-attacks are still kept secret. Military experts have said China, Russia, Iran and North Korea are among the states known to have military cyberwarfare programs.

John Rizzo, the recently retired CIA general counsel, said last week at a breakfast meeting of the American Bar Association that he was envious of the military's legal authorities to conduct attacks on computer networks. He compared the CIA's cyber work to the military's Title 10 authority to "prepare the battlefield," the legal framework for most Pentagon cyber-attacks.

"I have always been envious of my colleagues at the Department of Defense, under the rubric of Title 10, of preparing the battlefield, they have always been able to operate to my lights with a much wider degree of discretion and autonomy than we lawyers at CIA have had to operate under," he said.

The federal government is launching an expansive program dubbed "Perfect Citizen" to detect cyber assaults on private companies and government agencies running such critical infrastructure as the electricity grid and nuclear-power plants, according to people familiar with the program.

The surveillance by the National Security Agency, the government's chief eavesdropping agency, would rely on a set of sensors deployed in computer networks for critical infrastructure that would be triggered by unusual activity suggesting an impending cyber attack, though it wouldn't persistently monitor the whole system, these people said.

Defense contractor Raytheon Corp. recently won a classified contract for the initial phase of the surveillance effort valued at up to $100 million, said a person familiar with the project.

An NSA spokeswoman said the agency had no information to provide on the program. A Raytheon spokesman declined to comment.

Some industry and government officials familiar with the program see Perfect Citizen as an intrusion by the NSA into domestic affairs, while others say it is an important program to combat an emerging security threat that only the NSA is equipped to provide.

"The overall purpose of the [program] is our Government...feel that they need to insure the Public Sector is doing all they can to secure Infrastructure critical to our National Security," said one internal Raytheon email, the text of which was seen by The Wall Street Journal. "Perfect Citizen is Big Brother."

Raytheon declined to comment on this email.

A U.S. military official called the program long overdue and said any intrusion into privacy is no greater than what the public already endures from traffic cameras. It's a logical extension of the work federal agencies have done in the past to protect against physical attacks on critical infrastructure that could sabotage the government or key parts of the country, the official said.

U.S. intelligence officials have grown increasingly alarmed about what they believe to be Chinese and Russian surveillance of computer systems that control the electric grid and other U.S. infrastructure. Officials are unable to describe the full scope of the problem, however, because they have had limited ability to pull together all the private data.

Perfect Citizen will look at large, typically older computer control systems that were often designed without Internet connectivity or security in mind. Many of those systems—which run everything from subway systems to air-traffic control networks—have since been linked to the Internet, making them more efficient but also exposing them to cyber attack.

The goal is to close the "big, glaring holes" in the U.S.'s understanding of the nature of the cyber threat against its infrastructure, said one industry specialist familiar with the program. "We don't have a dedicated way to understand the problem."

The information gathered by Perfect Citizen could also have applications beyond the critical infrastructure sector, officials said, serving as a data bank that would also help companies and agencies who call upon NSA for help with investigations of cyber attacks, as Google did when it sustained a major attack late last year.

The U.S. government has for more than a decade claimed a national-security interest in privately owned critical infrastructure that, if attacked, could cause significant damage to the government or the economy. Initially, it established relationships with utility companies so it could, for instance, request that a power company seal a manhole that provides access to a key power line for a government agency.

With the growth in concern about cyber attacks, these relationships began to extend into the electronic arena, and the only U.S. agency equipped to manage electronic assessments of critical-infrastructure vulnerabilities is the NSA, government and industry officials said.

The NSA years ago began a small-scale effort to address this problem code-named April Strawberry, the military official said. The program researched vulnerabilities in computer networks running critical infrastructure and sought ways to close security holes.

That led to initial work on Perfect Citizen, which was a piecemeal effort to forge relationships with some companies, particularly energy companies, whose infrastructure is widely used across the country.

The classified program is now being expanded with funding from the multibillion-dollar Comprehensive National Cybersecurity Initiative, which started at the end of the Bush administration and has been continued by the Obama administration, officials said. With that infusion of money, the NSA is now seeking to map out intrusions into critical infrastructure across the country.

Because the program is still in the early stages, much remains to be worked out, such as which computer control systems will be monitored and how the data will be collected. NSA would likely start with the systems that have the most important security implications if attacked, such as electric, nuclear, and air-traffic-control systems, they said.

Intelligence officials have met with utilities' CEOs and those discussions convinced them of the gravity of the threat against U.S. infrastructure, an industry specialist said, but the CEOs concluded they needed better threat information and guidance on what to do in the event of a major cyber attack.

Some companies may agree to have the NSA put its own sensors on and others may ask for direction on what sensors to buy and come to an agreement about what data they will then share with the government, industry and government officials said.

While the government can't force companies to work with it, it can provide incentives to urge them to cooperate, particularly if the government already buys services from that company, officials said.

Raytheon, which has built up a large cyber-security practice through acquisitions in recent years, is expected to subcontract out some of the work to smaller specialty companies, according to a person familiar with the project.


Found this topic first at the link listed immediately below. Sounded sorta wacky so I started exploring the links and settled on the Yahoo story. Big implications if this is true, though I'm curious how code this powerful would be so hard to find on say a thumb drive.

Doug, I'd like to hear your opinion of the zero hedge site listed below.

By Mark Clayton – Tue Sep 21, 3:08 pm ET

Cyber security experts say they have identified the world's first known cyber super weapon designed specifically to destroy a real-world target – a factory, a refinery, or just maybe a nuclear power plant.

The cyber worm, called Stuxnet, has been the object of intense study since its detection in June. As more has become known about it, alarm about its capabilities and purpose has grown. Some top cyber security experts now say Stuxnet's arrival heralds something blindingly new: a cyber weapon created to cross from the digital realm to the physical world – to destroy something.

At least one expert who has extensively studied the malicious software, or malware, suggests Stuxnet may have already attacked its target – and that it may have been Iran's Bushehr nuclear power plant, which much of the world condemns as a nuclear weapons threat.

The appearance of Stuxnet created a ripple of amazement among computer security experts. Too large, too encrypted, too complex to be immediately understood, it employed amazing new tricks, like taking control of a computer system without the user taking any action or clicking any button other than inserting an infected memory stick. Experts say it took a massive expenditure of time, money, and software engineering talent to identify and exploit such vulnerabilities in industrial control software systems.

Unlike most malware, Stuxnet is not intended to help someone make money or steal proprietary data. Industrial control systems experts now have concluded, after nearly four months spent reverse engineering Stuxnet, that the world faces a new breed of malware that could become a template for attackers wishing to launch digital strikes at physical targets worldwide. Internet link not required.

"Until a few days ago, people did not believe a directed attack like this was possible," Ralph Langner, a German cyber-security researcher, told the Monitor in an interview. He was slated to present his findings at a conference of industrial control system security experts Tuesday in Rockville, Md. "What Stuxnet represents is a future in which people with the funds will be able to buy an attack like this on the black market. This is now a valid concern."

A gradual dawning of Stuxnet's purpose

It is a realization that has emerged only gradually.

Stuxnet surfaced in June and, by July, was identified as a hypersophisticated piece of malware probably created by a team working for a nation state, say cyber security experts. Its name is derived from some of the filenames in the malware. It is the first malware known to target and infiltrate industrial supervisory control and data acquisition (SCADA) software used to run chemical plants and factories as well as electric power plants and transmission systems worldwide. That much the experts discovered right away.

But what was the motive of the people who created it? Was Stuxnet intended to steal industrial secrets – pressure, temperature, valve, or other settings – and communicate that proprietary data over the Internet to cyber thieves?

By August, researchers had found something more disturbing: Stuxnet appeared to be able to take control of the automated factory control systems it had infected – and do whatever it was programmed to do with them. That was mischievous and dangerous.

But it gets worse. Since reverse engineering chunks of Stuxnet's massive code, senior US cyber security experts confirm what Mr. Langner, the German researcher, told the Monitor: Stuxnet is essentially a precision, military-grade cyber missile deployed early last year to seek out and destroy one real-world target of high importance – a target still unknown.

"Stuxnet is a 100-percent-directed cyber attack aimed at destroying an industrial process in the physical world," says Langner, who last week became the first to publicly detail Stuxnet's destructive purpose and its authors' malicious intent. "This is not about espionage, as some have said. This is a 100 percent sabotage attack."

A guided cyber missile

On his website, Langner lays out the Stuxnet code he has dissected. He shows step by step how Stuxnet operates as a guided cyber missile. Three top US industrial control system security experts, each of whom has also independently reverse-engineered portions of Stuxnet, confirmed his findings to the Monitor.

"His technical analysis is good," says a senior US researcher who has analyzed Stuxnet, who asked for anonymity because he is not allowed to speak to the press. "We're also tearing [Stuxnet] apart and are seeing some of the same things."

Other experts who have not themselves reverse-engineered Stuxnet but are familiar with the findings of those who have concur with Langner's analysis.

"What we're seeing with Stuxnet is the first view of something new that doesn't need outside guidance by a human – but can still take control of your infrastructure," says Michael Assante, former chief of industrial control systems cyber security research at the US Department of Energy's Idaho National Laboratory. "This is the first direct example of weaponized software, highly customized and designed to find a particular target."

"I'd agree with the classification of this as a weapon," Jonathan Pollet, CEO of Red Tiger Security and an industrial control system security expert, says in an e-mail.

One researcher's findings

Langner's research, outlined on his website Monday, reveals a key step in the Stuxnet attack that other researchers agree illustrates its destructive purpose. That step, which Langner calls "fingerprinting," qualifies Stuxnet as a targeted weapon, he says.

Langner zeroes in on Stuxnet's ability to "fingerprint" the computer system it infiltrates to determine whether it is the precise machine the attack-ware is looking to destroy. If not, it leaves the industrial computer alone. It is this digital fingerprinting of the control systems that shows Stuxnet to be not spyware, but rather attackware meant to destroy, Langner says.

Stuxnet's ability to autonomously and without human assistance discriminate among industrial computer systems is telling. It means, says Langner, that it is looking for one specific place and time to attack one specific factory or power plant in the entire world.

"Stuxnet is the key for a very specific lock – in fact, there is only one lock in the world that it will open," Langner says in an interview. "The whole attack is not at all about stealing data but about manipulation of a specific industrial process at a specific moment in time. This is not generic. It is about destroying that process."

So far, Stuxnet has infected at least 45,000 industrial control systems around the world, without blowing them up – although some victims in North America have experienced some serious computer problems, Eric Byres, a Canadian expert, told the Monitor. Most of the victim computers, however, are in Iran, Pakistan, India, and Indonesia. Some systems have been hit in Germany, Canada, and the US, too. Once a system is infected, Stuxnet simply sits and waits – checking every five seconds to see if its exact parameters are met on the system. When they are, Stuxnet is programmed to activate a sequence that will cause the industrial process to self-destruct, Langner says.

Langner's analysis also shows, step by step, what happens after Stuxnet finds its target. Once Stuxnet identifies the critical function running on a programmable logic controller, or PLC, made by Siemens, the giant industrial controls company, the malware takes control. One of the last codes Stuxnet sends is an enigmatic "DEADF007." Then the fireworks begin, although the precise function being overridden is not known, Langner says. It may be that the maximum safety setting for RPMs on a turbine is overridden, or that lubrication is shut off, or some other vital function shut down. Whatever it is, Stuxnet overrides it, Langner's analysis shows.

"After the original code [on the PLC] is no longer executed, we can expect that something will blow up soon," Langner writes in his analysis. "Something big."

For those worried about a future cyber attack that takes control of critical computerized infrastructure – in a nuclear power plant, for instance – Stuxnet is a big, loud warning shot across the bow, especially for the utility industry and government overseers of the US power grid.

"The implications of Stuxnet are very large, a lot larger than some thought at first," says Mr. Assante, who until recently was security chief for the North American Electric Reliability Corp. "Stuxnet is a directed attack. It's the type of threat we've been worried about for a long time. It means we have to move more quickly with our defenses – much more quickly."

Has Stuxnet already hit its target?

It might be too late for Stuxnet's target, Langner says. He suggests it has already been hit – and destroyed or heavily damaged. But Stuxnet reveals no overt clues within its code to what it is after.

A geographical distribution of computers hit by Stuxnet, which Microsoft produced in July, found Iran to be the apparent epicenter of the Stuxnet infections. That suggests that any enemy of Iran with advanced cyber war capability might be involved, Langner says. The US is acknowledged to have that ability, and Israel is also reported to have a formidable offensive cyber-war-fighting capability.

Could Stuxnet's target be Iran's Bushehr nuclear power plant, a facility much of the world condemns as a nuclear weapons threat?

Langner is quick to note that his views on Stuxnet's target are speculation based on suggestive threads he has seen in the media. Still, he suspects that the Bushehr plant may already have been wrecked by Stuxnet. Bushehr's expected startup in late August has been delayed, he notes, for unknown reasons. (One Iranian official blamed the delay on hot weather.)

But if Stuxnet is so targeted, why did it spread to all those countries? Stuxnet might have been spread by the USB memory sticks used by a Russian contractor while building the Bushehr nuclear plant, Langner offers. The same contractor has jobs in several countries where the attackware has been uncovered.

"This will all eventually come out and Stuxnet's target will be known," Langner says. "If Bushehr wasn't the target and it starts up in a few months, well, I was wrong. But somewhere out there, Stuxnet has found its target. We can be fairly certain of that."
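The "fingerprinting" step the article describes (poll the host, compare what is seen against one fixed description of the intended target, stay dormant everywhere else) is what makes the 45,000 non-target infections uninformative to an analyst. The Python model below is an added illustration written for this thread; it is not Stuxnet code and not Langner's analysis. Every inventory field, the target values (cpu_model, program_blocks, drive_vendor, drive_count), the host names and the fleet are constructed, and the triage function generalises the article's point to a whole population of infected hosts:

```python
"""Model of a target-fingerprint gate: the behaviour the article attributes to
Stuxnet, where the payload re-checks the host on every poll against one fixed
target description and stays dormant unless every attribute matches.
Added, constructed illustration; the fields and values are invented."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List


@dataclass(frozen=True)
class Inventory:
    """What the implant can observe on an infected engineering workstation.
    Hypothetical fields; a real implant would read them from vendor tooling."""
    cpu_model: str                  # controller CPU the workstation talks to
    program_blocks: FrozenSet[str]  # logic blocks present on that controller
    drive_vendor: str               # vendor of the drives the PLC commands
    drive_count: int                # how many drives are on the bus


# The single configuration the payload is built for (all values made up).
TARGET = Inventory(
    cpu_model="CPU-315",
    program_blocks=frozenset({"OB1", "OB35", "FC100"}),
    drive_vendor="ExampleDrives",
    drive_count=48,
)


def fingerprint_matches(observed: Inventory, target: Inventory = TARGET) -> bool:
    """Exact-match gate. A near miss (one drive fewer, another drive vendor)
    counts as 'not my target', which is what leaves other infected systems alone."""
    return (
        observed.cpu_model == target.cpu_model
        and target.program_blocks <= observed.program_blocks  # required blocks all present
        and observed.drive_vendor == target.drive_vendor
        and observed.drive_count == target.drive_count
    )


class DormantPayload:
    """Sits and waits, re-checking on every poll; flips to armed at most once."""
    POLL_INTERVAL_S = 5  # the article's 'every five seconds'; no sleeping here

    def __init__(self, target: Inventory = TARGET) -> None:
        self.target = target
        self.armed = False
        self.polls = 0

    def poll(self, observed: Inventory) -> bool:
        """One polling tick; returns the armed state. Nothing past the decision
        is modelled: the point is the gate, not what follows it."""
        self.polls += 1
        if not self.armed and fingerprint_matches(observed, self.target):
            self.armed = True
        return self.armed


def triage_fleet(hosts: Dict[str, Inventory]) -> Dict[str, List[str]]:
    """Analyst view: of the hosts known to be infected, which would ever fire?
    Everything in 'dormant' looks like an ordinary infection from the outside."""
    result: Dict[str, List[str]] = {"armed": [], "dormant": []}
    for name, inventory in sorted(hosts.items()):
        payload = DormantPayload()
        result["armed" if payload.poll(inventory) else "dormant"].append(name)
    return result


# Constructed fleet: three look-alikes and one exact match.
FLEET: Dict[str, Inventory] = {
    "lab-1": Inventory("CPU-315", frozenset({"OB1", "OB35"}), "ExampleDrives", 48),  # FC100 missing
    "plant-a": Inventory("CPU-315", frozenset({"OB1", "OB35", "FC100", "FB7"}), "ExampleDrives", 48),  # extra block is fine
    "plant-b": Inventory("CPU-315", frozenset({"OB1", "OB35", "FC100"}), "ExampleDrives", 47),  # one drive short
    "water-3": Inventory("CPU-317", frozenset({"OB1", "OB35", "FC100"}), "OtherDrives", 48),  # wrong CPU and vendor
}

if __name__ == "__main__":
    for state, names in triage_fleet(FLEET).items():
        print(f"{state}: {', '.join(names) or '-'}")
```

Two consequences for defenders follow from the model. A sandbox or a test bench never presents the matching inventory, so dynamic analysis sees only propagation and a payload that does nothing; detection has to key on the implant's presence rather than on its effects. And the model keeps the target description in clear text only for readability; an implant that stored just a digest of it would still gate correctly while giving reverse engineers nothing to read off, which is one way the article's "no overt clues within its code" could come about (an assumption here, not a claim about how Stuxnet was built).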

FORT MEADE, Md. — The new commander of the military's cyberwarfare operations is advocating the creation of a separate, secure computer network to protect civilian government agencies and critical industries like the nation's power grid against attacks mounted over the Internet.

The officer, Gen. Keith B. Alexander, suggested that such a heavily restricted network would allow the government to impose greater protections for the nation's vital, official on-line operations. General Alexander labeled the new network "a secure zone, a protected zone." Others have nicknamed it "dot-secure."

It would provide to essential networks like those that tie together the banking, aviation, and public utility systems the kind of protection that the military has built around secret military and diplomatic communications networks — although even these are not completely invulnerable.

For years, experts have warned of the risks of Internet attacks on civilian networks. An article published a few months ago (http://www.nae.edu/Publications/TheBridge/Archives/TheElectricityGrid/18868.aspx) by the National Academy of Engineering said that "cyber systems are the 'weakest link' in the electricity system," and that "security must be designed into the system from the start, not glued on as an afterthought."

General Alexander, an Army officer who leads the military's new Cyber Command, did not explain just where the fence should be built between the conventional Internet and his proposed secure zone, or how the gates would be opened to allow appropriate access to information they need every day. General Alexander said the White House hopes to complete a policy review on cyber issues in time for Congress to debate updated or new legislation when it convenes in January.

General Alexander's new command is responsible for defending Defense Department computer networks and, if directed by the president, carrying out computer-network attacks overseas.

But the military is broadly prohibited from engaging in law enforcement operations on American soil without a presidential order, so the command's potential role in assisting the Department of Homeland Security, the Federal Bureau of Investigation or the Department of Energy in the event of a major attack inside the United States has not been set down in law or policy.

"There is a real probability that in the future, this country will get hit with a destructive attack, and we need to be ready for it," General Alexander said in a roundtable with reporters at the National Cryptologic Museum here at Fort Meade in advance of his Congressional testimony on Thursday morning.

"I believe this is one of the most critical problems our country faces," he said. "We need to get that right. I think we have to have a discussion about roles and responsibilities: What's the role of Cyber Command? What's the role of the 'intel' community? What's the role of the rest of the Defense Department? What's the role of D.H.S.? And how do you make that team work? That's going to take time."

Some critics have questioned whether the Defense Department can step up protection of vital computer networks without crashing against the public's ability to live and work with confidence on the Internet. General Alexander said, "We can protect civil liberties and privacy and still do our mission. We've got to do that."

Speaking of the civilian networks that are at risk, he said: "If one of those destructive attacks comes right now, I'm focused on the Defense Department. What are the responsibilities — and I think this is part of the discussion — for the power grid, for financial networks, for other critical infrastructure? How do you protect the country when it comes to that kind of attack, and who is responsible for it?"

As General Alexander prepared for his testimony before the House Armed Services Committee, the ranking Republican on the panel, Howard P. McKeon of California, noted the Pentagon's progress in expanding its cyber capabilities.

But he said that "many questions remain as to how Cyber Command will meet such a broad mandate" given the clear "vulnerabilities in cyberspace."

The committee chairman, Rep. Ike Skelton, Democrat of Missouri, said that "cyberspace is an environment where distinctions and divisions between public and private, government and commercial, military and nonmilitary are blurred." He said that it is important "that we engage in this discussion in a very direct way and include the public."

Federal law enforcement and national security officials are preparing to seek sweeping new regulations for the Internet, arguing that their ability to wiretap criminal and terrorism suspects is "going dark" as people increasingly communicate online instead of by telephone.

Essentially, officials want Congress to require all services that enable communications -- including encrypted e-mail transmitters like BlackBerry, social networking Web sites like Facebook and software that allows direct "peer to peer" messaging like Skype -- to be technically capable of complying if served with a wiretap order. The mandate would include being able to intercept and unscramble encrypted messages.

In a Computer Worm, a Possible Biblical Clue
By JOHN MARKOFF and DAVID E. SANGER
Published: September 29, 2010

Deep inside the computer worm that some specialists suspect is aimed at slowing Iran’s race for a nuclear weapon lies what could be a fleeting reference to the Book of Esther, the Old Testament tale in which the Jews pre-empt a Persian plot to destroy them.

That use of the word “Myrtus” — which can be read as an allusion to Esther — to name a file inside the code is one of several murky clues that have emerged as computer experts try to trace the origin and purpose of the rogue Stuxnet program, which seeks out a specific kind of command module for industrial equipment.

Not surprisingly, the Israelis are not saying whether Stuxnet has any connection to the secretive cyberwar unit it has built inside Israel’s intelligence service. Nor is the Obama administration, which while talking about cyberdefenses has also rapidly ramped up a broad covert program, inherited from the Bush administration, to undermine Iran’s nuclear program. In interviews in several countries, experts in both cyberwar and nuclear enrichment technology say the Stuxnet mystery may never be solved.

There are many competing explanations for myrtus, which could simply signify myrtle, a plant important to many cultures in the region. But some security experts see the reference as a signature allusion to Esther, a clear warning in a mounting technological and psychological battle as Israel and its allies try to breach Tehran’s most heavily guarded project. Others doubt the Israelis were involved and say the word could have been inserted as deliberate misinformation, to implicate Israel.

“The Iranians are already paranoid about the fact that some of their scientists have defected and several of their secret nuclear sites have been revealed,” one former intelligence official who still works on Iran issues said recently. “Whatever the origin and purpose of Stuxnet, it ramps up the psychological pressure.”

So a calling card in the code could be part of a mind game, or sloppiness or whimsy from the coders.

The malicious code has appeared in many countries, notably China, India, Indonesia and Iran. But there are tantalizing hints that Iran’s nuclear program was the primary target. Officials in both the United States and Israel have made no secret of the fact that undermining the computer systems that control Iran’s huge enrichment plant at Natanz is a high priority. (The Iranians know it, too: They have never let international inspectors into the control room of the plant, the inspectors report, presumably to keep secret what kind of equipment they are using.)

The fact that Stuxnet appears designed to attack a certain type of Siemens industrial control computer, used widely to manage oil pipelines, electrical power grids and many kinds of nuclear plants, may be telling. Just last year officials in Dubai seized a large shipment of those controllers — known as the Simatic S-7 — after Western intelligence agencies warned that the shipment was bound for Iran and would likely be used in its nuclear program.

“What we were told by many sources,” said Olli Heinonen, who retired last month as the head of inspections at the International Atomic Energy Agency in Vienna, “was that the Iranian nuclear program was acquiring this kind of equipment.”

Also, starting in the summer of 2009, the Iranians began having tremendous difficulty running their centrifuges, the tall, silvery machines that spin at supersonic speed to enrich uranium — and which can explode spectacularly if they become unstable. In New York last week, Iran’s president, Mahmoud Ahmadinejad, shrugged off suggestions that the country was having trouble keeping its enrichment plants going.

Yet something — perhaps the worm or some other form of sabotage, bad parts or a dearth of skilled technicians — is indeed slowing Iran’s advance.

The reports on Iran show a fairly steady drop in the number of centrifuges used to enrich uranium at the main Natanz plant. After reaching a peak of 4,920 machines in May 2009, the numbers declined to 3,772 centrifuges this past August, the most recent reporting period. That is a decline of 23 percent. (At the same time, production of low-enriched uranium has remained fairly constant, indicating the Iranians have learned how to make better use of fewer working machines.)

Computer experts say the first versions of the worm appeared as early as 2009 and that the sophisticated version contained an internal time stamp from January of this year.

These events add up to a mass of suspicions, not proof. Moreover, the difficulty experts have had in figuring out the origin of Stuxnet points to both the appeal and the danger of computer attacks in a new age of cyberwar.

For intelligence agencies they are an almost irresistible weapon, free of fingerprints. Israel has poured huge resources into Unit 8200, its secretive cyberwar operation, and the United States has built its capacity inside the National Security Agency and inside the military, which just opened a Cyber Command.

But the near impossibility of figuring out where they came from makes deterrence a huge problem — and explains why many have warned against the use of cyberweapons. No country, President Obama was warned even before he took office, is more vulnerable to cyberattack than the United States.

For now, it is hard to determine if the worm has infected centrifuge controllers at Natanz. While the S-7 industrial controller is used widely in Iran, and many other countries, even Siemens says it does not know where it is being used. Alexander Machowetz, a spokesman in Germany for Siemens, said the company did no business with Iran’s nuclear program. “It could be that there is equipment,” he said in a telephone interview. “But we never delivered it to Natanz.”

But Siemens industrial controllers are unregulated commodities that are sold and resold all over the world — the controllers intercepted in Dubai traveled through China, according to officials familiar with the seizure.

Ralph Langner, a German computer security consultant who was the first independent expert to assert that the malware had been “weaponized” and designed to attack the Iranian centrifuge array, argues that the Stuxnet worm could have been brought into the Iranian nuclear complex by Russian contractors.

“It would be an absolute no-brainer to leave an infected USB stick near one of these guys,” he said, “and there would be more than a 50 percent chance of having him pick it up and infect his computer.”

There are many reasons to suspect Israel’s involvement in Stuxnet. Intelligence is the single largest section of its military and the unit devoted to signal, electronic and computer network intelligence, known as Unit 8200, is the largest group within intelligence.

Yossi Melman, who covers intelligence for the newspaper Haaretz and is at work on a book about Israeli intelligence over the past decade, said in a telephone interview that he suspected that Israel was involved.

He noted that Meir Dagan, head of Mossad, had his term extended last year partly because he was said to be involved in important projects. He added that in the past year Israeli estimates of when Iran will have a nuclear weapon had been extended to 2014.

“They seem to know something, that they have more time than originally thought,” he said.

Then there is the allusion to myrtus — which may be telling, or may be a red herring.

Several of the teams of computer security researchers who have been dissecting the software found a text string that suggests that the attackers named their project Myrtus. The guava fruit is part of the Myrtus family, and one of the code modules is identified as Guava.

It was Mr. Langner who first noted that Myrtus is an allusion to the Hebrew word for Esther. The Book of Esther tells the story of a Persian plot against the Jews, who attacked their enemies pre-emptively.

“If you read the Bible you can make a guess,” said Mr. Langner, in a telephone interview from Germany on Wednesday.

Carol Newsom, an Old Testament scholar at Emory University, confirmed the linguistic connection between the plant family and the Old Testament figure, noting that Queen Esther’s original name in Hebrew was Hadassah, which is similar to the Hebrew word for myrtle. Perhaps, she said, “someone was making a learned cross-linguistic wordplay.”

But other Israeli experts said they doubted Israel’s involvement. Shai Blitzblau, the technical director and head of the computer warfare laboratory at Maglan, an Israeli company specializing in information security, said he was “convinced that Israel had nothing to do with Stuxnet.”

“We did a complete simulation of it and we sliced the code to its deepest level,” he said. “We have studied its protocols and functionality. Our two main suspects for this are high-level industrial espionage against Siemens and a kind of academic experiment.”

Mr. Blitzblau noted that the worm hit India, Indonesia and Russia before it hit Iran, though the worm has been found disproportionately in Iranian computers. He also noted that the Stuxnet worm has no code that reports back the results of the infection it creates. Presumably, a good intelligence agency would like to trace its work.

The computer worm Stuxnet broke out of the tech underworld and into the mass media this week. It’s an amazing story: Stuxnet has infected roughly 45,000 computers. Sixty percent of these machines happen to be in Iran. Which is odd. What is odder still is that Stuxnet is designed specifically to attack a computer system using software from Siemens which controls industrial facilities such as factories, oil refineries, and oh, by the way, nuclear power plants. As you might imagine, Stuxnet raises big, interesting geo-strategic questions. Did a state design it as an attack on the Iranian nuclear program? Was it a private group of vigilantes? Some combination of the two? Or something else altogether?

But it’s worth pausing to contemplate Stuxnet on its own terms, and understand why the tech nerds were so doomsday-ish about it in the first place. We should start at the beginning.

A computer worm is distinct from a virus. A virus is a piece of code which attaches itself to other programs. A worm is a program by itself, which exists on its own within a computer. A good (meaning really bad) worm must do several things quite subtly: It must find its way onto the first machine by stealth. While a resident, it must remain concealed. Then it must have another stealthy method of propagating to other computers. And finally, it must have a purpose. Stuxnet achieved all of these goals with astounding elegance.

The Stuxnet worm was first discovered on June 17, 2010 by VirusBlokAda, a digital security company in Minsk. Over the next few weeks, tech security firms began trying to understand the program, but the overall response was slow because Stuxnet was so sophisticated. On July 14, Siemens was notified of the danger Stuxnet posed to its systems. At the time, it was believed that Stuxnet exploited a “zero day” vulnerability (that is, a weak point in the code never foreseen by the original programmers) in Microsoft’s Windows OS. Microsoft moved within days to issue a patch.

By August, the details of Stuxnet were becoming clearer. Researchers learned troubling news: The virus sought to override supervisory control and data acquisition (SCADA) systems in Siemens installations. SCADA systems are not bits of virtual ether—they control all sorts of important industrial functions. As the Christian Science Monitor notes, a SCADA system could, for instance, override the maximum safety setting for RPMs on a turbine. Cyber security giant Symantec warned:

Stuxnet can potentially control or alter how [an industrial] system operates. A previous historic example includes a reported case of stolen code that impacted a pipeline. Code was secretly “Trojanized” to function properly and only some time after installation instruct the host system to increase the pipeline’s pressure beyond its capacity. This resulted in a three kiloton explosion, about 1/5 the size of the Hiroshima bomb.

As the days ticked by, Microsoft realized that Stuxnet was using not just one zero-day exploit but four of them. Symantec’s Liam O’Murchu told Computer World, “Using four zero-days, that’s really, really crazy. We’ve never seen that before.”

Still, no one knew where Stuxnet had come from. A version of the worm from June 2009 was discovered and when the worm’s encryption was finally broken, a digital time stamp on one of the components (the ~wtr4141.tmp file, in case you’re keeping score at home) put the time of compilation—the worm’s birthday—as February 3, 2009.

The functionality of Stuxnet is particularly interesting. The worm gains initial access to a system through a simple USB drive. When an infected USB drive is plugged into a machine, the computer does a number of things automatically. One of them is that it pulls up icons to be displayed on your screen to represent the data on the drive. Stuxnet exploited this routine to pull the worm onto the computer. The problem, then, is that once on the machine, the worm becomes visible to security protocols, which constantly query files looking for malware. To disguise itself, Stuxnet installs what’s called a “rootkit”—essentially a piece of software which intercepts the security queries and sends back false “safe” messages, indicating that the worm is innocuous.

The trick is that installing a rootkit requires using drivers, which Windows machines are well-trained to be suspicious of. Windows requests that all drivers provide verification that they’re on the up-and-up through presentation of a secure digital signature. These digital keys are closely-guarded secrets. Yet Stuxnet’s malicious drivers were able to present genuine signatures from two genuine computer companies, Realtek Semiconductor and JMicron Technologies. Both firms have offices in the same facility, Hsinchu Science Park, in Taiwan. No one knows how the Stuxnet creators got hold of these keys, but it seems possible that they were physically—as opposed to digitally—stolen.

So the security keys enable the drivers, which allow the installation of the rootkit, which hides the worm that was delivered by the corrupt USB drive. Stuxnet’s next job was to propagate itself efficiently, but quietly. Whenever another USB drive is inserted into an infected computer, it becomes infected, too. But in order to reduce visibility and avoid detection, the Stuxnet creators set up a system so that each infected USB drive could only pass the worm on to three other computers.

Stuxnet was not designed to spread over the Internet at large. (We think.) It was, however, able to spread over local networks—primarily by using the print spooler that runs printers shared by a group of computers. And once it reached a computer with access to the Internet it began communicating with a command-and-control server—the Stuxnet mothership. The C&C servers were located in Denmark and Malaysia and were taken off-line after they were discovered. But while they were operational, Stuxnet would contact them to deliver information it had gathered about the system it had invaded and to request updated versions of itself. You see, the worm’s programmers had also devised a peer-to-peer sharing system by which a Stuxnet machine in contact with C&C would download newer versions of itself and then use it to update the older worms on the network.

And then there’s the actual payload. Once a resident of a Windows machine, Stuxnet sought out systems running the WinCC and PCS 7 SCADA programs. It then began reprogramming the programmable logic control (PLC) software and making changes in a piece of code called Operational Block 35. It’s this last bit—the vulnerability of PLC—which is at the heart of the concern about Stuxnet. A normal worm has Internet consequences. It might eat up bandwidth or slow computers down or destroy code or even cost people money. But PLC protocols interact with real-world machinery – for instance, turn this cooling system on when a temperature reaches a certain point, shut that electrical system off if the load exceeds a given level, and so on.

To date, no one knows exactly what Stuxnet was doing in the Siemens PLC. “It’s looking for specific things in specific places in these PLC devices,” Digital Bond CEO Dale Peterson told PC World. “And that would really mean that it’s designed to look for a specific plant.” Tofino Security Chief Technology Officer Eric Byres was even more ominous, saying, “The only thing I can say is that it is something designed to go bang.” Even the worm’s code suggests calamity. Ralph Langner is the most prominent Stuxnet sleuth and he notes that one of the last bits of code in the worm is the line “DEADF007.” (Presumably a dark joke about “deadf*ckers” and the James Bond call-sign “007.") “After the original code is no longer executed, we can expect that something will blow up soon,” Langner says somewhat dramatically. “Something big.”

The most important question is what that “something big” might be.

But there is another intriguing question: How did Stuxnet spread as far as it did? The worm is, as a physical piece of code, very large. It’s written in multiple languages and weighs in at nearly half a megabyte, which is one of the reasons there are still many pieces of it that we don’t understand. And one of those puzzles is how Stuxnet found its way onto so many computers so far away from one another. Iran is the epicenter, but Stuxnet is found in heavy concentrations in Pakistan, Indonesia, and India, too, and even as far away as Russia, Uzbekistan, and Azerbaijan. By the standards of modern worms, the 45,000 computers infected by Stuxnet is piddling. But if Stuxnet really can only propagate via local networks and USB drives, how did it reach even that far?

Stuxnet is already the most studied piece of malware ever, absorbing the attention of engineers and programmers across the globe, from private companies to academics, to government specialists. And yet despite this intense scrutiny, the worm still holds many secrets.
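The icon-loading step the article describes above (Windows rendering a shortcut's icon the moment a drive is browsed) is the Windows shell-link (.LNK) parsing flaw: Explorer loads a library named by the shortcut just to draw its icon. What follows is an added example, not code from the article or from any researcher it quotes. It parses the .LNK binary layout (header, optional IDList and LinkInfo, then the five optional strings) and flags shortcuts that make the shell load a library-type file (.dll, .cpl, .tmp) from outside the system directories, which is what a loader such as ~wtr4141.tmp on a removable drive relies on. The three sample shortcuts are constructed inline; the drive letter E:, the zero-filled item id and the heuristic itself are assumptions for the example, not indicators taken from the article.

```python
"""Added example: parse Windows shell-link (.lnk) files and flag shortcuts whose
icon would be loaded from a DLL-like file outside the system directories.
Layout follows the MS-SHLLNK header and LinkFlags; samples below are constructed."""
import re
import struct
import ntpath

SHELL_LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HEADER_FMT = "<I16sIIQQQIiIHHII"          # 76-byte ShellLinkHeader
HEADER_SIZE = 0x4C

# LinkFlags bits, in the order the optional structures appear in the file
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_RELATIVE_PATH, \
    HAS_WORKING_DIR, HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = (1 << i for i in range(8))
STRING_FIELDS = (
    (HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)
SYSTEM_PREFIXES = ("%systemroot%", "c:\\windows", "c:\\program files", "%programfiles%")
LIBRARY_EXT = {".dll", ".cpl", ".tmp"}   # files the shell would LoadLibrary to obtain an icon


def _utf16_drive_paths(blob: bytes) -> list:
    """Pull UTF-16LE drive-letter paths out of an opaque IDList (2-byte aligned scan)."""
    units = struct.unpack("<%dH" % (len(blob) // 2), blob[: len(blob) // 2 * 2])
    text = "".join(chr(u) if 32 <= u < 127 else "\x00" for u in units)
    return re.findall(r"[A-Za-z]:\\[^\x00]*", text)


def parse_lnk(data: bytes) -> dict:
    """Return header flags, icon index, the optional strings and drive paths found in the IDList."""
    if len(data) < HEADER_SIZE:
        raise ValueError("shorter than a ShellLinkHeader")
    fields = struct.unpack_from(HEADER_FMT, data, 0)
    hdr_size, clsid, flags, icon_index = fields[0], fields[1], fields[2], fields[8]
    if hdr_size != HEADER_SIZE or clsid != SHELL_LINK_CLSID:
        raise ValueError("not a shell link")
    info = {"flags": flags, "icon_index": icon_index, "idlist_paths": []}
    pos = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:        # IDListSize (2 bytes) + ItemIDList
        (size,) = struct.unpack_from("<H", data, pos)
        info["idlist_paths"] = _utf16_drive_paths(data[pos + 2:pos + 2 + size])
        pos += 2 + size
    if flags & HAS_LINK_INFO:                  # LinkInfoSize counts itself
        (size,) = struct.unpack_from("<I", data, pos)
        pos += size
    for bit, key in STRING_FIELDS:            # CountCharacters followed by the characters
        if flags & bit:
            (count,) = struct.unpack_from("<H", data, pos)
            pos += 2
            if flags & IS_UNICODE:
                info[key] = data[pos:pos + 2 * count].decode("utf-16-le")
                pos += 2 * count
            else:
                info[key] = data[pos:pos + count].decode("cp1252")
                pos += count
    return info


def icon_hosts(info: dict) -> list:
    """Every file the shell might open to render this shortcut's icon."""
    hosts = list(info["idlist_paths"])
    if info.get("icon_location"):
        hosts.append(info["icon_location"])
    return hosts


def is_suspicious(info: dict) -> bool:
    """Heuristic (assumption): a library-type icon host that is not under the system directories."""
    for path in icon_hosts(info):
        low = path.lower()
        if ntpath.splitext(low)[1] in LIBRARY_EXT and not low.startswith(SYSTEM_PREFIXES):
            return True
    return False


def build_lnk(icon_location: str = "", idlist_path: str = "") -> bytes:
    """Construct a minimal shortcut for testing: no LinkInfo, no extra data blocks."""
    flags, body = IS_UNICODE, b""
    if idlist_path:
        flags |= HAS_LINK_TARGET_ID_LIST
        item = bytes(16) + idlist_path.encode("utf-16-le") + b"\x00\x00"  # placeholder id + path
        item = struct.pack("<H", 2 + len(item)) + item                    # cb includes itself
        idlist = item + b"\x00\x00"                                        # TerminalID
        body += struct.pack("<H", len(idlist)) + idlist
    if icon_location:
        flags |= HAS_ICON_LOCATION
        body += struct.pack("<H", len(icon_location)) + icon_location.encode("utf-16-le")
    header = struct.pack(HEADER_FMT, HEADER_SIZE, SHELL_LINK_CLSID, flags, 0x20,
                         0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    return header + body


SAMPLES = {  # constructed inline for the example; not recovered artifacts
    "readme.lnk": build_lnk(icon_location="%SystemRoot%\\system32\\shell32.dll"),
    "photo.lnk": build_lnk(icon_location="C:\\Users\\me\\Pictures\\cat.ico"),
    "removable_shortcut.lnk": build_lnk(idlist_path="E:\\~wtr4141.tmp"),
}


def scan(samples: dict) -> list:
    """Names of shortcuts whose icon source looks like a loader."""
    return sorted(name for name, blob in samples.items() if is_suspicious(parse_lnk(blob)))


if __name__ == "__main__":
    print(scan(SAMPLES))
```

The IDList scan matters more than the IconLocation string: a shortcut can name the library only inside its item list, so a check that reads just the visible icon string misses that variant. Shortcuts found on removable media are the ones worth running this over; shell32.dll under %SystemRoot% is the normal case and is deliberately not flagged.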

There's a new cyber-weapon on the block. And it's a doozy. Stuxnet, a malicious software, or malware, program was apparently first discovered in June.

Although it has appeared in India, Pakistan and Indonesia, Iran's industrial complexes - including its nuclear installations - are its main victims.

Stuxnet operates as a computer worm. It is inserted into a computer system through a USB port rather than over the Internet, and is therefore capable of infiltrating networks that are not connected to the Internet.

Hamid Alipour, deputy head of Iran's Information Technology Company, told reporters Monday that the malware operated undetected in the country's computer systems for about a year.

After it enters a network, this super-intelligent program figures out what it has penetrated and then decides whether or not to attack. The sorts of computer systems it enters are those that control critical infrastructures like power plants, refineries and other industrial targets.

Ralph Langner, a German computer security researcher who was among the first people to study Stuxnet, told various media outlets that after Stuxnet recognizes its specific target, it does something no other malware program has ever done. It takes control of the facility's SCADA (supervisory control and data acquisition system) and through it, is able to destroy the facility.

No other malware program has ever managed to move from cyberspace to the real world. And this is what makes Stuxnet so revolutionary. It is not a tool of industrial espionage. It is a weapon of war.

From what researchers have exposed so far, Stuxnet was designed to control computer systems produced by the German engineering giant Siemens. Over the past generation, Siemens engineering tools, including its industrial software, have been the backbone of Iran's industrial and military infrastructure. Siemens computer software products are widely used in Iranian electricity plants, communication systems and military bases, and in the country's Russian-built nuclear power plant at Bushehr.

The Iranian government has acknowledged a breach of the computer system at Bushehr. The plant was set to begin operating next month, but Iranian officials announced the opening would be pushed back several months due to the damage wrought by Stuxnet. On Monday, Channel 2 reported that Iran's Natanz uranium enrichment facility was also infected by Stuxnet.

On Tuesday, Alipour acknowledged that Stuxnet's discovery has not mitigated its destructive power.

As he put it, "We had anticipated that we could root out the virus within one to two months. But the virus is not stable and since we started the cleanup process, three new versions of it have been spreading."

While so far no one has either taken responsibility for Stuxnet or been exposed as its developer, experts who have studied the program agree that its sophistication is so vast that it is highly unlikely a group of privately financed hackers developed it. Only a nation-state would have the financial, manpower and other resources necessary to develop and deploy Stuxnet, the experts argue.

Iran has pointed an accusatory finger at the US, Israel and India. So far, most analysts are pointing their fingers at Israel. Israeli officials, like their US counterparts, are remaining silent on the subject.

While news of a debilitating attack on Iran's nuclear installations is a cause for celebration, at this point, we simply do not know enough about what has happened and what is continuing to happen at Iran's nuclear installations to make any reasoned evaluation about Stuxnet's success or failure. Indeed, The New York Times has argued that since Stuxnet worms were found in Siemens software in India, Pakistan and Indonesia as well as Iran, reporting, "The most striking aspect of the fast-spreading malicious computer program... may not have been how sophisticated it was, but rather how sloppy its creators were in letting a specifically aimed attack scatter randomly around the globe."

ALL THAT we know for certain is that Stuxnet is a weapon and it is currently being used to wage a battle. We don't know if Israel is involved in the battle or not. And if Israel is a side in the battle, we don't know if we're winning or not.

But still, even in our ignorance about the details of this battle, we still know enough to draw a number of lessons from what is happening.

Stuxnet's first lesson is that it is essential to be a leader rather than a follower in technology development. The first to deploy new technologies on a battlefield has an enormous advantage over his rivals. Indeed, that advantage may be enough to win a war.

But from the first lesson, a second immediately follows. A monopoly in a new weapon system is always fleeting. The US nuclear monopoly at the end of World War II allowed it to defeat Imperial Japan and bring the war to an end in allied victory.

Once the US exposed its nuclear arsenal, however, the Soviet Union's race to acquire nuclear weapons of its own began. Just four years after the US used its nuclear weapons, it found itself in a nuclear arms race with the Soviets. America's possession of nuclear weapons did not shield it from the threat of their destructive power.

The risks of proliferation are the flipside to the advantage of deploying new technology. Warning of the new risks presented by Stuxnet, Melissa Hathaway, a former US national cybersecurity coordinator, told the Times, "Proliferation is a real problem, and no country is prepared to deal with it. All of these [computer security] guys are scared to death. We have about 90 days to fix this [new vulnerability] before some hacker begins using it."

Then there is the asymmetry of vulnerability to cyberweapons. A cyberweapon like Stuxnet threatens nation-states much more than it threatens a non-state actor that could deploy it in the future. For instance, a cyber-attack of the level of Stuxnet against the likes of Hizbullah or al-Qaida by a state like Israel or the US would cause these groups far less damage than a Hizbullah or al-Qaida cyber-attack of the quality of Stuxnet launched against a developed country like Israel or the US.

In short, like every other major new weapons system introduced since the slingshot, Stuxnet creates new strengths as well as new vulnerabilities for the states that may wield it.

As to the battle raging today in Iran's nuclear facilities, even if the most optimistic scenario is true, and Stuxnet has crippled Iran's nuclear installations, we must recognize that while a critical battle was won, the war is far from over.

A war ends when one side permanently breaks its enemy's ability and will to fight it. This has clearly not happened in Iran.

Iranian President Mahmoud Ahmadinejad made it manifestly clear during his visit to the US last week that he is intensifying, not moderating, his offensive stance towards the US, Israel and the rest of the free world. Indeed, as IDF Deputy Chief of Staff Maj.-Gen. Benny Ganz noted last week, "Iran is involved up to its neck in every terrorist activity in the Middle East."

So even in the rosiest scenario, Israel or some other government has just neutralized one threat - albeit an enormous threat - among a panoply of threats that Iran poses. And we can be absolutely certain that Iran will take whatever steps are necessary to develop new ways to threaten Israel and its other foes as quickly as possible.

What this tells us is that if Stuxnet is an Israeli weapon, while a great achievement, it is not a revolutionary weapon. While the tendency to believe that we have found a silver bullet is great, the fact is that fielding a weapon like Stuxnet does not fundamentally change Israel's strategic position. And consequently, it should have no impact on Israel's strategic doctrine.

In all likelihood, assuming that Stuxnet has significantly debilitated Iran's nuclear installations, this achievement will be a one-off. Just as the Arabs learned the lessons of their defeat in 1967 and implemented those lessons to great effect in the war in 1973, so the Iranians - and the rest of Israel's enemies - will learn the lessons of Stuxnet.

SO IF we assume that Stuxnet is an Israeli weapon, what does it show us about Israel's position vis-à-vis its enemies? What Stuxnet shows is that Israel has managed to maintain its technological advantage over its enemies. And this is a great relief. Israel has survived since 1948 despite our enemies' unmitigated desire to destroy us because we have continuously adapted our tactical advantages to stay one step ahead of them. It is this adaptive capability that has allowed Israel to win a series of one-off battles that have allowed it to survive.

But again, none of these one-off battles were strategic game-changers. None of them have fundamentally changed the strategic realities of the region. This is the case because they have neither impacted our enemies' strategic aspiration to destroy us, nor have they mitigated Israel's strategic vulnerabilities. It is the unchanging nature of these vulnerabilities since the dawn of modern Zionism that gives hope to our foes that they may one day win and should therefore keep fighting.

Israel has two basic strategic vulnerabilities.

The first is Israel's geographic minuteness, which attracts invaders. The second vulnerability is Israel's political weakness both at home and abroad, which make it impossible to fight long wars.

Attentive to these vulnerabilities, David Ben-Gurion asserted that Israel's military doctrine is the twofold goal to fight wars on our enemies' territory and to end them as swiftly and as decisively as possible. This doctrine remains the only realistic option today, even if Stuxnet is in our arsenal.

It is important to point this plain truth out today as the excitement builds about Stuxnet, because Israel's leaders have a history of mistaking tactical innovation and advantage with strategic transformation. It was our leaders' failure to properly recognize what happened in 1967 for the momentary tactical advantage it was that led us to near disaster in 1973.

Since 1993, our leaders have consistently mistaken their adoption of the West's land-for-peace paradigm as a strategic response to Israel's political vulnerability. The fact that the international assault on Israel's right to exist has only escalated since Israel embraced the land-for-peace paradigm is proof that our leaders were wrong. Adopting the political narrative of our enemies did not increase Israel's political fortunes in Europe, the US or the UN.

So, too, our leaders have mistaken Israel's air superiority for a strategic answer to its geographical vulnerability. The missile campaigns the Palestinians and Lebanese have waged against the home front in the aftermath of Israel's withdrawals from Gaza and south Lebanon show clearly that air supremacy does not make up for geographic vulnerability. It certainly does not support a view that strategic depth is less important than it once was.

I gather that the Chinese military has identified our reliance on cybertechnology to be a major weak link for our military and that therefore they are applying considerable effort and intelligence to how they can disable our capabilities via this sort of thing.

According to the Pentagon’s 2007 Report on Chinese Military Power, “In 2005, the PLA began to incorporate offensive [Computer Network Operations] into its exercises, primarily in first strikes against enemy networks.”

Chinese military doctrine now includes what they call “assassin’s mace” (sha shou jian) programs which are asymmetric warfare strategies devised to take advantage of Chinese advantages in technology against vulnerabilities of potential adversaries. Cyberwar is first among equals among the assassin’s mace programs.

Internet Traffic from U.S. Government Websites Was Redirected Via Chinese Servers

By Joshua Rhett Miller

Published November 16, 2010

When 15 percent of the world's Internet traffic -- including the Pentagon, Defense Secretary Robert Gates' office, the Senate and several U.S. government agencies -- was redirected last April onto computer routers in China, it also may have left the sites vulnerable to surveillance -- or worse.

Nearly 15 percent of the world's Internet traffic -- including data from the Pentagon, the office of Defense Secretary Robert Gates and other U.S. government websites -- was briefly redirected through computer networks in China last April, according to a congressional commission report obtained by FoxNews.com.

It was not immediately clear whether the incident was deliberate, but the April 18 redirection could have enabled malicious activities and potentially caused an unintended "diversion of data" from many U.S. government, military and commercial websites, the U.S.-China Economic and Security Review Commission states in a 316-page report to Congress.

A draft copy of the report was obtained on Tuesday by FoxNews.com. The final 2010 annual report to Congress will be released during a press conference in Washington on Wednesday.

According to the draft report, a state-owned Chinese telecommunications firm, China Telecom, "hijacked" massive volumes of Internet traffic during the 18-minute incident. It affected traffic to and from .gov and .mil websites in the United States, as well as websites for the Senate, all four military services, the office of the Secretary of Defense, the National Oceanic and Atmospheric Administration and "many others," including websites for firms like Dell, Yahoo, IBM and Microsoft.

"Although the Commission has no way to determine what, if anything, Chinese telecommunications firms did to the hijacked data, incidents of this nature could have a number of serious implications," the report reads. "This level of access could enable surveillance of specific users or sites."

Citing a separate cyberattack against Google's operations in China earlier this year, the report notes China's history of "malicious computer activities" that "raise questions about whether China might seek intentionally to leverage these abilities to assert some level of control over the Internet, even for a brief period."

The report continues, "Any attempt to do this would likely be counter to the interests of the United States and other countries. At the very least, these incidents demonstrate the inherent vulnerabilities in the Internet's architecture that can affect all Internet users and beneficiaries at home and abroad."

Chris Smoak, a research scientist at the Georgia Tech Research Institute, said, whether intentional or accidental, incidents like the one on April 18 occur "two or three times a year" as large amounts of data are routed through multiple nations. He declined to indicate whether he believes the incident was deliberate.

"There's no way to really say," Smoak said. "Due to the short duration, it's very difficult to say."

Smoak said security vulnerabilities pertaining to Internet routing processes are among the more "unfortunate aspects" of the digital age.

"They weren't designed with security in mind, they were designed with performance in mind and the end result," he said referring to the routing system. "We're very susceptible in that anyone could do this at any time."

The report details how the Internet routing process is susceptible to manipulation and lists how the exchange of data between networking equipment typically relies on "trust-based" transactions.

The report reads: "If a computer user in California, for example, seeks to visit a website hosted in Texas, the data would likely make several 'hops' (that is, transit multiple servers) along the way. Data are supposed to travel along the most efficient route. However, Internet infrastructure does not necessarily correlate to the geographical world in a predictable way, so it would be unusual for data to transit a server physically located in Georgia, or some other somewhat removed location."

The process, however, could be subject to manipulation if networking equipment in a remote location, such as China, advertised a route claiming to be the most efficient data path. Effectively, Smoak said, the servers will try to get the information to its destination by the fastest means possible, but the data could conceivably be censored or changed altogether.

"It's an unfortunate aspect of the technology we use today," Smoak said. "It's all based on trust."

Sam Masiello, director of threat management at McAfee, said the security breach could have been potentially "very damaging" given the large amounts of data transferred across the Internet every second.

"It could potentially be very damaging, the reason being you don't know what traffic was being routed to those servers at the time," Masiello told FoxNews.com. "But if you're the criminal, how do you identify [sensitive information]? It's like trying to find a very small needle in a very, very large haystack."

Masiello said he did not find any evidence leading him to believe that the incident was intentional, but noted an increasing number of cyberattacks emanating from China.

"We've certainly seen a lot of Internet crime coming out of China and a lot of criminals that are based out of China, but as far as an actual link back to China Telecom, it's very difficult to say," Masiello said. "Who's to say criminals did not get into China Telecom? But the fact of the matter remains, we've seen a lot of cybercrime emanating out of China in the past year."

Regardless of the intention behind the breach, Masiello concluded: "This type of attack shows there is a vulnerability in the Internet system, even if someone is able to hijack it for a very short period of time."
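The article describes the mechanism behind the incident: routers accept a route advertisement on trust, so a remote network that announces a prefix (or a more specific slice of it) can attract traffic it has no business carrying. The defensive counterpart is route-origin validation, the check that a prefix is only ever originated by the network authorised to hold it. The following is an added illustration of that check, written for this thread rather than taken from the report or from any vendor; the prefixes are from the documentation ranges and the ASNs (64500, 64501, 64505, 64510) are from the documentation-reserved ASN block, and the announcements are constructed sample data. The logic generalises the article's one case to the three outcomes a monitor needs to distinguish: an authorised origin, an unauthorised origin (including an over-specific announcement from an otherwise legitimate origin), and a prefix for which no expectation is recorded at all.

```python
"""Origin-AS validation for observed BGP announcements.

Added example for the routing-hijack discussion; not code from the
report or any network operator.  Prefixes use documentation ranges and
ASNs use the documentation-reserved block, so nothing here refers to a
real network.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# Constructed "expected origin" table, shaped like RPKI ROA records:
# prefix -> (authorised origin ASN, longest prefix length that origin may announce).
EXPECTED_ORIGINS: Dict[str, Tuple[int, int]] = {
    "203.0.113.0/24": (64500, 24),    # hypothetical hosting network, no deaggregation allowed
    "198.51.100.0/22": (64501, 24),   # hypothetical ISP allowed to announce down to /24
}


@dataclass(frozen=True)
class Announcement:
    """One observed route: the prefix, the AS that originated it, and where it was seen."""
    prefix: str
    origin_asn: int
    observed_at: str   # e.g. a route collector or peer name (constructed)


def validate(ann: Announcement, roas: Dict[str, Tuple[int, int]] = EXPECTED_ORIGINS) -> str:
    """Classify an announcement as 'valid', 'invalid' or 'unknown'.

    'unknown' means no record covers the prefix, so nothing can be said.
    'invalid' means at least one record covers it but none authorises this
    origin at this prefix length: the pattern a hijack (or a fat-fingered
    leak) produces.
    """
    net = ipaddress.ip_network(ann.prefix, strict=False)
    covering: List[Tuple[int, int]] = []
    for roa_prefix, (asn, maxlen) in roas.items():
        roa_net = ipaddress.ip_network(roa_prefix)
        # subnet_of() raises on mixed address families, so compare versions first.
        if net.version == roa_net.version and net.subnet_of(roa_net):
            covering.append((asn, maxlen))
    if not covering:
        return "unknown"
    for asn, maxlen in covering:
        if asn == ann.origin_asn and net.prefixlen <= maxlen:
            return "valid"
    return "invalid"


def triage(announcements: Iterable[Announcement]) -> Dict[str, List[Announcement]]:
    """Bucket a batch of observed routes by validation result for an operator to review."""
    buckets: Dict[str, List[Announcement]] = {"valid": [], "invalid": [], "unknown": []}
    for ann in announcements:
        buckets[validate(ann)].append(ann)
    return buckets


# Constructed sample feed: one legitimate route, one foreign origin for the same
# prefix, one permitted deaggregation, one over-specific announcement from the
# legitimate origin, one more-specific from a foreign origin, and one uncovered prefix.
SAMPLE_FEED = [
    Announcement("203.0.113.0/24", 64500, "collector-a"),
    Announcement("203.0.113.0/24", 64510, "collector-b"),
    Announcement("198.51.100.0/24", 64501, "collector-a"),
    Announcement("198.51.100.0/25", 64501, "collector-a"),
    Announcement("198.51.100.128/25", 64510, "collector-c"),
    Announcement("192.0.2.0/24", 64505, "collector-a"),
]

if __name__ == "__main__":
    for status, routes in triage(SAMPLE_FEED).items():
        for r in routes:
            print(f"{status:8} {r.prefix:20} AS{r.origin_asn} seen at {r.observed_at}")
```

The more-specific cases are the ones worth noting: a /25 inside the ISP's /22 is refused even from the authorised origin because the record caps announcements at /24, and the /25 from AS64510 is refused for both reasons. That matters because a longer prefix wins in route selection regardless of who announced it, so a monitor that only compared origin ASNs on exact prefixes would miss the most effective form of the redirection the article describes.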

And what was the same accused cybercriminal doing this summer when he allegedly tapped into the secure computers of a large Defense Department contractor that managed systems for military transport movements and other U.S. military operations?

Those are among the puzzling questions raised by allegations against Lin Mun Poo, a 32-year-old Malaysia native whose case illustrates the mounting national secrets threats posed by overseas cyberattacks, U.S. law enforcement and intelligence officials tell NBC News.

The U.S. government’s case against Poo, who was arraigned in federal court in Brooklyn on Monday and entered a plea of not guilty, has so far gotten little attention. But many of the allegations against him seem alarming on their face, according to cybercrime experts. "This is scary stuff," said one U.S. law enforcement official. Poo was arrested by Secret Service agents last month shortly after flying into New York's John F. Kennedy airport with a "heavily encrypted" laptop computer containing a "massive quantity of stolen financial account data," including more than 400,000 credit card, debit card and bank account numbers, according to a letter filed by federal prosecutors last week laying out a "factual proffer" of their evidence against Poo.

He later confessed to federal agents that he had gotten the credit and bank card data by tapping into the computer networks of "several major international banks" and companies, and that he expected to use the data for personal profit, either by selling it or trading it, according to the prosecutors' letter.

Poo's court-appointed lawyer did not respond to a request from NBC News for comment.

'Impressive level of criminal activity'

But far more disturbing, according to U.S. intelligence officials and computer crime experts, was his penetration of both a Federal Reserve network of 10 computers in Cleveland as well as the secure networks of a "major" Defense Department contractor. According to the prosecutors' letter, the Pentagon contractor, which has not been identified, provides system management for military transport and other "highly-sensitive military operations."

"To have the skills to break into highly sensitive systems like that is an impressive level of criminal activity," said Kurt Baumgartner, a senior security researcher for Kaspersky Lab, a computer security firm.

While there is much about Poo's alleged activities that remain unexplained — including his purpose in accessing the military contractor's computers — his case underscores the continued vulnerabilities of computer networks that are critical to the country’s national security, U.S. intelligence experts said.

"If a guy from Malaysia can get into networks like this, you can imagine what the Chinese and Russians, the people with real capabilities, are able to do," said one former senior U.S. intelligence official, who monitored cyberthreats and asked for anonymity in order to speak candidly.

In fact, the penetration of sensitive national security computers by overseas hackers — many of them believed to be state sponsored — is rapidly emerging as one of the country’s most alarming national security threats, officials said. And the threat is not just from foreign governments and for-profit hackers. Officials have also expressed worries that terrorist groups may be capable of the same sorts of sophisticated penetrations.

U.S. Undersecretary of Defense Bill Lynn recently disclosed in a Foreign Affairs article that the Pentagon suffered a significant compromise of its classified military computer networks in 2008, when officials discovered that a malicious computer code had been inserted into a U.S. military laptop at a base in the Middle East. The flash drive's code was placed there by a "foreign intelligence agency," Lynn wrote, and quickly spread to the classified network run by the U.S. Central Command. This in turn prompted a Pentagon operation to neutralize the penetration, which was code-named "Buckshot Yankee," according to Lynn’s article.

"There was massive concern about that," the former U.S. intelligence official said of the 2008 penetration. "People were freaked out."

The foreign intelligence agency was widely believed to be Russia's, the former official said. The country's agents were attempting to "exfiltrate" data from the classified Central Command computers, but Pentagon officials were never able to determine whether they had succeeded in doing so, the official added.

That same year, in an incident first reported by Newsweek in November and later amplified in Bob Woodward's recent book, "Obama's Wars," Chinese hackers penetrated the campaign computers of the Barack Obama and John McCain presidential campaigns, prompting the Bush White House to advise both camps to take countermeasures to protect their data.

As Lynn presented the problem in his article, the penetrations of U.S. military data are growing "exponentially," one of the key reasons the Pentagon recently set up the United States Cyber Command to beef up defenses.

"Every day, U.S. military and civilian networks are probed thousands of times and scanned millions of times," Lynn wrote. "Adversaries have acquired thousands of files from U.S. networks and from the networks of U.S. allies and industry partners, including weapons blueprints, operational plans and surveillance data."

So far, it is unclear whether Poo’s alleged hacking created any comparable compromise of sensitive U.S. government data. Federal prosecutors allege that he hacked into the Federal Reserve computers in Cleveland by transmitting "malicious" computer codes and commands and that the attack resulted in "thousands of dollars in damages" that affected "10 or more" Federal Reserve computers.

But June Gates, a spokeswoman for the Federal Reserve in Cleveland, said the penetration was restricted to a network of "test" computers used for checking out new software and applications and did not contain sensitive Federal Reserve data about banks in the region. She declined, however, to respond to questions about whether Federal Reserve officials were aware of the hacking attack when it occurred in June — or only learned about it last month after Secret Service agents seized Poo’s computer.

Troop movements compromised?

Pentagon officials said Sunday they were unable to respond immediately to questions about whether Poo's hacking of the contractor's computers had compromised military troop movements. But spokesman Bryan Whitman said in an e-mailed statement to NBC News: "We are keenly aware that our networks are being probed everyday. That's precisely why we have a very robust and layered active defense to protect our networks and preserve our freedom of movement in this domain."

Another critical question is whether Poo was working with a larger hacking network and, if so, who may have been a part of it. The indictment against him alleges that he acted "together with others." But the indictment does not identify any co-conspirators. It also does not indicate what Poo expected to do with the data he may have accessed by hacking into the Pentagon contractor computers.

Baumgartner, the computer crime expert, said that so far the information about Poo hacking into military contractor and Federal Reserve computers does not seem to square with the seemingly run-of-the-mill purpose behind his acquisition of stolen credit card and ATM data. He was arrested hours after his arrival at JFK when undercover Secret Service agents observed him allegedly selling stolen credit numbers for $1,000 at a diner in Brooklyn.

"It doesn’t add up," Baumgartner said. "This doesn't fit with a profile of somebody from overseas that has infiltrated a defense contractor and the Federal Reserve."

So far, almost nothing is known about who Poo really is, what his motivations are, and who his accomplices might be. But Baumgartner said he believes "that there's a lot more to this story that hasn't come out."

By MORTIMER ZUCKERMAN

Several years ago, during the presidency of George W. Bush, many banks and Wall Street firms were knocked offline. The financial industry, which had long been considered to have the best safeguards against cyberinfections in the private sector, discovered its computers had been penetrated by a worm, so-called because a virus grown on one computer can worm its way to millions of others. Mr. Bush asked then Treasury Secretary Hank Paulson to examine what it would take to protect our critical infrastructures. The upshot was that steps were taken to strengthen the security of the military networks, but little else was done.

The major shock about the mischievous WikiLeaks—even more than the individual headline items—is that it dramatizes how vulnerable we still are. Digitization has made it easier than ever to penetrate messages and download vast volumes of information. Our information systems have become the most aggressively targeted in the world. Each year, attacks increase in severity, frequency, and sophistication. On July 4, 2009, for instance, there was an assault on U.S. government sites—including the White House—as well as the New York Stock Exchange and Nasdaq. There were similar attacks that month on websites in South Korea. In 2008, our classified networks, which we thought were inviolable, were penetrated. Three young hackers managed to steal 170 million credit-card numbers before the ringleader was arrested in 2008.

The Internet was originally intended for thousands of researchers, not billions of users who did not know and trust one another. The designers placed a higher priority on decentralization than on security. They never dreamed the Internet could be used for commercial purposes or that it would eventually control critical systems and undergird the world of finance. So it is not surprising that the Internet creators were comfortable with a network of networks rather than separate networks for government, finance and other sectors.

A symbol to many of the open communication of American culture, the Internet has thus evolved into a two-edged sword. Our extensive systems facilitate control of pipelines, airlines and railroads; they energize commerce and private banking. They give us rapid access to medical and criminal records. But they also offer a growing target for terrorists and thieves.

Most people who experience "malware" have been victims of so-called phishing, whereby criminals pretending to be bank employees, for example, trick the gullible into revealing account numbers and passwords. But cyberwarriors can do damage on a much larger scale, as former White House counterterrorism czar Richard Clarke points out in his revealing book "CyberWar," published earlier this year. They can tap into these networks and move money, spill oil, vent gas, blow up generators, derail trains, crash airplanes, cause missiles to detonate, and wipe out reams of financial and supply-chain data. Havoc can be created at the blink of an eye from remote locations overseas. Criminal groups, nation-states, terrorists and military organizations are at work exfiltrating vast amounts of data from the U.S. public and private sectors.

Another worrisome threat is the distributed denial of service attack, a deluge of Internet traffic specifically intended to crash or jam networks. Hackers using malicious computer code can mobilize a "botnet," or robotic network, of hundreds of thousands of machines that simultaneously visit certain websites to shut them down.

More recently, a virus that targets special industrial equipment has become widely known as the "Stuxnet" attack. This is the worm that this fall reportedly infiltrated the computers controlling Iran's nuclear centrifuge facilities, thereby delaying or even destroying its nuclear-weapons program (the one Iran denies it has). It is the world's first-known super cyberweapon designed specifically to destroy a real-world target.

Similarly, many believe that the immobilization of hundreds of key sites in independent Georgia in 2008 was a Russian government operation accompanying its kinetic war in support of breakaway regions in the former Soviet republic. In a cyberattack on South Korea last year, an estimated 166,000 computers in 74 countries flooded the websites of Korean banks and government agencies, jamming their fiber optic cables.

Mr. Clarke argues in his book that China is one of the key players in developing a cyberwar capability. The Chinese use private hackers to engage in widespread penetration of U.S. and European networks, successfully copying and exporting huge volumes of data. That's on top of their capacity to attack and degrade our computer systems and shut down our critical networks. He believes that the secrets behind everything from pharmaceutical formulas, bioengineering designs, and nanotechnologies to weapons systems and everyday industrial products have been stolen by the Chinese army or private hackers who in turn give them to China.

The United States has done little to enhance the safety of the networks that bolster our economy. We urgently need to develop defensive software to protect these networks and create impermeable barriers to the profusion of malware. Network convergence—transporting all communications over a common network structure—increases the opportunities for and the consequences of disruptive cyberattacks. Hackers and cyberwarriors are constantly devising new ways to trick systems.

Not many people realize that all of our nation's air, land and sea forces rely on network technologies that are vulnerable to cyberweapons, including logistics, command and control, fleet positioning and targeting. If they are compromised or obliterated, the U.S. military would be incapable of operating. It does not help that there is a disproportion between offense and defense. The average malware has about 175 lines of code, which can attack defense software using between 5 million and 10 million lines of code.

It is currently incredibly challenging to figure out the source of an attack, and this in turn inhibits our capacity to prosecute the wrongdoers or retaliate. Malicious programmers are always able to find weaknesses and challenge security measures. The defender is always lagging behind the attacker.

The task is of such a scale that it needs nothing less than a souped-up Manhattan Project, like the kind that broke the scientific barriers to the bomb that ended World War II. Our vulnerabilities are increasing exponentially. Cyberterrorism poses a threat equal to that of weapons of mass destruction. A large scale attack could create an unimaginable degree of chaos in America.

We should think of cyberattacks as guided missiles and respond similarly—intercept them and retaliate. This means we need a federal agency dedicated to defending our various networks. You cannot expect the private sector to know how—or to have the money—to defend against a nation-state attack in a cyberwar. One suggestion recommended by Mr. Clarke is that our government create a Cyber Defense Administration. He's right. Clearly, defending the U.S. from cyberattacks should be one of our prime strategic objectives.

Few nations have used computer networks as extensively as we have to control electric power grids, airlines, railroads, banking and military support. Few nations have more of these essential systems owned and operated by private enterprise. As with 9/11, we do not enjoy the luxury of a dilatory response.

Mr. Zuckerman is chairman and editor in chief of U.S. News & World Report.

A recent batch of WikiLeaks cables led Der Spiegel and The New York Times to print front-page stories on China’s cyber-espionage capabilities Dec. 4 and 5. While China’s offensive capabilities on the Internet are widely recognized, the country is discovering the other edge of the sword.

China is no doubt facing a paradox as it tries to manipulate and confront the growing capabilities of Internet users. Recent arrests of Chinese hackers and People’s Liberation Army (PLA) pronouncements suggest that China fears that its own computer experts, nationalist hackers and social media could turn against the government. While the exact cause of Beijing’s new focus on network security is unclear, it comes at a time when other countries are developing their own defenses against cyber attacks and hot topics like Stuxnet and WikiLeaks are generating new concerns about Internet security.

One of the U.S. State Department cables released by WikiLeaks focuses on the Chinese-based cyber attack on Google’s servers that became public in January 2010. According to a State Department source mentioned in one of the cables, Li Changchun, the fifth highest-ranking member of the Communist Party of China (CPC) and head of the Party’s Propaganda Department, was concerned about the information he could find on himself through Google’s search engine. He also reportedly ordered the attack on Google. This is single-source information, and since the cables WikiLeaks released do not include the U.S. intelligence community’s actual analysis of the source, we cannot vouch for its accuracy. What it does appear to verify, however, is that Beijing is regularly debating the opportunities and threats presented by the Internet.

A Shift from Offensive Capabilities

On Nov. 2, the People’s Liberation Army Daily, the official paper for the PLA and the primary medium for announcing top-down policy, recommended the PLA better prepare itself for cyber threats, calling for new strategies to reduce Internet threats that are developing “at an unprecedented rate.” While the report did not detail any strategies, it quoted a PLA order issued for computer experts to focus on the issue.

The Nov. 2 PLA announcement is part of a long trend of growing network-security concerns in China. In 2009, Minister of Public Security Meng Jianzhu emphasized that the development of the Internet in China created “unprecedented challenges” in “social control and stability maintenance.” In June 2010, the State Council Information Office published a white paper on the growing threat of cyber crime and how to combat it. Clearly, these challenges have been addressed this year. The Ministry of Public Security (MPS) announced Nov. 30 that it had arrested 460 suspected hackers thought to have been involved in 180 cases so far in 2010. This is part of the MPS’ usual end-of-year announcement of statistics to promote its success. But the MPS announcement also said that cyber crime had increased 80 percent this year and seemed to blame the attacks only on hackers inside China.

These were cases mainly of producing and selling “Trojan” programs (malware that looks legitimate), organizing botnets, assisting others in carrying out denial-of-service attacks and invading government websites. The MPS also closed more than 100 websites that provided hackers with attack programs and taught them various tactics.

The PLA already has two notoriously large and capable network security units: the Seventh Bureau of the Military Intelligence Department (MID) and the Third Department of the PLA. In simple terms, the MID’s Seventh Bureau is an offensive unit, responsible for managing research institutes that develop new hacking methods, train hackers and produce new hardware and software. The PLA Third Department, defensive in nature, is the third largest signals intelligence-monitoring organization in the world. STRATFOR sources with expertise in network security believe that China’s government-sponsored hacking capabilities are the best in the world. But this perception is based in part on the fact that China demonstrates these capabilities quite often. The United States, on the other hand, is much more restrained in exercising its offensive cyber capabilities and is not inclined to do so until there is a dire and immediate need, such as war.

Piracy Vulnerability

The details of China’s escalating effort to improve network security are still murky, but one recently announced campaign against software piracy is notable. On Nov. 30, Deputy Commerce Minister Jiang Zengwei announced a new six-month crackdown on illegally copied products in China. He said the focus was on pirated software, counterfeit pharmaceuticals and mislabeled agricultural products. The Chinese public has pushed for more regulation of pharmaceuticals and food due to a rising number of cases in which people have become sick or even died because of falsely labeled or tainted products, such as melamine-contaminated milk. But Beijing seems to be even more concerned about the vulnerabilities created by running unlicensed and non-updated software, and publicizing the crackdown is clearly an attempt by Beijing to appease Western governments and businesses that are placing growing pressure on China.

Indeed, China has a sizable counterfeit economy, much to the ire of Western businesses. While Beijing may placate Westerners by announcing crackdowns for the benefit of international audiences, it takes more forceful measures when it sees a larger threat to itself, and the security emphasis now seems to be on the threat of running insecure software on government computers. The problem with unlicensed software is that it does not receive automatic updates from the manufacturer, which usually are sent out to fix vulnerabilities to malware. Unlicensed software is thus left open to viral infiltration. It is also cheap and easy to get, which makes it pervasive throughout both government and private computer networks.

One of the measures Beijing has started to implement is requiring licensed software to be installed on new computers before they are sold, which also gives the government an opportunity to install censorship measures like Green Dam. One persistent problem is that much of the pre-installed software still consists of pirated copies. While China has released statistics showing that the use of legitimate software in China has increased dramatically, the Business Software Alliance, an international software industry group, estimates that 79 percent of the software sold in China in 2009 was illegally copied, creating a loss to the industry of $7.6 billion in revenue. Even more important to Beijing, these statistics mean the vast majority of Chinese computer systems — government and private alike — remain vulnerable to malware.

At the same Nov. 30 news conference at which Jiang announced the new anti-piracy initiative, Yan Xiaohong, deputy head of the General Administration of Press and Publication and vice director of the National Copyright Administration, announced a nationwide inspection of local and central government computers to make sure they were running licensed software. While this suggests Beijing’s major concern is the security of government computers, it also emphasizes how widespread the unlicensed software problem is.

This new focus on using legitimate software, however, will not be a complete solution to China’s Internet vulnerabilities. There has been little effort to stop the selling of copied software, and it is still very easy to download other programs, licensed and unlicensed, and malware along with them (such as QQ). Moreover, the new security measures are dealing only with the symptoms, not the underlying problem, of a counterfeit-heavy economy. A six-month crackdown will not undermine or eliminate software piracy in China; to do so would require an immense and sustained investment of time, money and manpower. Indeed, China has been a hub for pirating software, films and other copyrighted material for so long that the enormous domestic economic base that has grown up around it would be virtually impossible to dismantle. In any case, vulnerabilities still exist in legitimate software, even if it is better protected against novice hackers. New vulnerabilities are constantly being found and exploited until software companies come up with the appropriate patches.

From Nationalist Hackers to Dissident Threats

China’s highly developed hacking capabilities, more offensive than defensive, include Internet censorship measures like the infamous Great Firewall, and the official police force run by the MPS specifically to monitor Chinese Internet traffic and censor websites is 40,000 strong. China also has developed two unofficial methods of censorship. First, operators of private websites and forums must follow certain government regulations to prevent statements critical of the government from being disseminated, which encourages private operators to be their own censors. Second, there is a veritable army of nationalistic computer users in China that include “hacktivist” groups such as the Red Hacker Alliance, China Union Eagle and the Honker Union, with thousands of members each. They became famous after the 1999 “accidental” bombing of the Chinese embassy in Belgrade, which prompted China-based hackers to attack and deface U.S. government websites. The Chinese government, state-owned enterprises and private companies also engage public relations firms to hire, deploy and manage what have become colloquially known as “Party of Five Maoists.” These are individuals who get paid half a yuan (5 mao) for every positive Internet post they write regarding government policy, product reviews and other issues.

But as China’s Internet-using population nears 400 million, with nearly 160 million using social networking, Beijing recognizes the risk of all this spiraling out of control. Censors have not been able to keep up on the social-networking front. Even with limited or banned access to sites like Twitter and Facebook, their Chinese versions, Weibo and Kaixin, for example, are expanding exponentially. While the government may exercise more control over the Chinese-based sites, it cannot keep up with the huge number of posts on topics the CPC considers disharmonious. The recent announcement of Liu Xiaobo’s Nobel Peace Prize is an example of news that was not reported at first in Chinese media but through social networking sites, spreading like wildfire. And the censorship is not exclusive; even non-dissidents can be censored, such as Prime Minister Wen Jiabao when he recently called for limited political reform.

China’s large Internet population will not all be nationalists. And if those who learn skills from informal hackers turn into dissidents, Beijing would consider them a serious threat. The Internet presents exactly the type of tool that could pose a major threat to the CPC because it spans regions, classes and ethnicities. Most social grievances are local and economic or ethnic-based. The potential for one opposition group to be united nationwide over the Internet is one of Beijing’s gravest concerns. It has realized that a weapon it once wielded so deftly against foreign powers and business entities can now be used against Beijing.

Outside Issues

At the same time Beijing reached this realization, WikiLeaks demonstrated the possibility for sensitive government information to be spread globally through the Internet. Beijing saw that if the United States, with its expertise in signals intelligence and security, could be vulnerable to such a threat, so could China. Stuxnet demonstrated the vulnerability of important infrastructure to cyber attack, one reason for China’s new emphasis on licensed software (Iran is known to run unlicensed Siemens software). China’s recent emphasis on network security is likely linked to all of these factors, or it may be due to a threat seen but as yet unpublicized, such as a cyber attack or leak inside China that the government has been able to keep quiet.

Other countries have also been implementing new network security measures, most notably the United States. On Oct. 31, the Maryland-based U.S. Cyber Command became fully operational, and its commander is also the head of the National Security Agency, the premier U.S. government entity for signals intelligence. (Thus, China’s giving Internet security responsibility to the PLA should come as no surprise to the United States.) And as China realizes the difficulties of defending against attacks in cyberspace, which tends to favor the offense, the United States is wrestling with the same problems and complexities as it tries to shield government, civilian and commercial computer systems, all of which require different degrees of control and operate under different laws. As cyber espionage and cyber sabotage become even greater concerns, China will be forced to face the far more difficult task of not only pecking away at the Pentagon’s firewalls but also providing for its own internal system security.

These new efforts all contradict China’s long-standing policy of cultivating a population of nationalistic computer users. This effort has been useful to Beijing when it sees a need to cause disruption, whether by attacking U.S. sites after perceived affronts like the Chinese embassy bombing in Belgrade or preventing access from powerful foreign entities like Google. But China has also recognized that developing these public capabilities can be dangerous. Nationalist Chinese hackers, if motivated by the right cause and united through the pervasive Internet, can always turn on the government. And the situation seems to have more and more governments on edge, where simple mistakes can raise suspicions. China’s redirection of a large amount of Internet traffic in April caused an outcry from the United States and other countries, though it may well have been an accident.

It is hard to tell what Beijing sees, specifically, as a first-tier cyber threat, but its decision to develop an effective response to all manner of threats is evident.

***We should think of cyberattacks as guided missiles and respond similarly—intercept them and retaliate. This means we need a federal agency dedicated to defending our various networks. You cannot expect the private sector to know how—or to have the money—to defend against a nation-state attack in a cyberwar. One suggestion recommended by Mr. Clarke is that our government create a Cyber Defense Administration. He's right. Clearly, defending the U.S. from cyberattacks should be one of our prime strategic objectives.***

Ironic that the internet was born from the military. (DARPA?)

A single little twerp tucked away in some small bedroom can bring down whole portions of our economy, military, government, etc.

I recently wrote a white paper entitled “Dragons, Tigers, Pearls, and Yellowcake” in which I proposed four alternative scenarios for the Stuxnet worm other than the commonly held assumption that it was Israel or the U.S. targeting Iran’s Bushehr or Natanz facilities. During the course of my research for that paper, I uncovered a connection between two of the key players in the Stuxnet drama: Vacon, the Finnish manufacturer of one of two frequency converter drives targeted by this malware; and RealTek, whose digital certificate was stolen and used to smooth the way for the worm to be loaded onto a Windows host without raising any alarms. A third important piece of the puzzle, which I’ll discuss later in this article, directly connects a Chinese antivirus company which writes their own viruses with the Stuxnet worm.